Action not permitted
Modal body text goes here.
cve-2022-29599
Vulnerability from cvelistv5
Published
2022-05-23 10:25
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Commandline class shell injection vulnerabilities
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://www.openwall.com/lists/oss-security/2022/05/23/3 | Mailing List, Third Party Advisory | |
security@apache.org | https://github.com/apache/maven-shared-utils/pull/40 | Patch, Third Party Advisory | |
security@apache.org | https://issues.apache.org/jira/browse/MSHARED-297 | Patch, Vendor Advisory | |
security@apache.org | https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html | Mailing List, Third Party Advisory | |
security@apache.org | https://www.debian.org/security/2022/dsa-5242 | Third Party Advisory |
Impacted products
▼ | Vendor | Product |
---|---|---|
Apache Software Foundation | Apache Maven |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "name": "[oss-security] 20220523 CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "name": "[debian-lts-announce] 20220829 [SECURITY] [DLA 3086-1] maven-shared-utils security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "name": "DSA-5242", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5242" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Maven", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "3.3.3", "status": "affected", "version": "maven-shared-utils", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-28T08:18:19.534Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "name": "[oss-security] 20220523 CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "name": "[debian-lts-announce] 20220829 [SECURITY] [DLA 3086-1] maven-shared-utils security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "name": "DSA-5242", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5242" } ], "source": { "defect": [ "MSHARED-297" ], "discovery": "UNKNOWN" }, "title": "Commandline class shell injection vulnerabilities", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-29599", "STATE": "PUBLIC", "TITLE": "Commandline class shell injection vulnerabilities" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Maven", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "maven-shared-utils", "version_value": "3.3.3" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ {} ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-116 Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.apache.org/jira/browse/MSHARED-297", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "name": "https://github.com/apache/maven-shared-utils/pull/40", "refsource": "MISC", "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "name": "[oss-security] 20220523 CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "name": "[debian-lts-announce] 20220829 [SECURITY] [DLA 3086-1] maven-shared-utils security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "name": "DSA-5242", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5242" } ] }, "source": { "defect": [ "MSHARED-297" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-29599", "datePublished": "2022-05-23T10:25:10", "dateReserved": "2022-04-24T00:00:00", "dateUpdated": "2024-08-03T06:26:06.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-29599\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-05-23T11:16:10.877\",\"lastModified\":\"2023-09-28T09:15:11.267\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.\"},{\"lang\":\"es\",\"value\":\"En Apache Maven maven-shared-utils versiones anteriores a 3.3.3, la clase Commandline puede emitir cadenas con comillas dobles sin un escape apropiado, permitiendo ataques de inyecci\u00f3n de shell\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:maven_shared_utils:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.3.3\",\"matchCriteriaId\":\"D6301EB5-EDF5-45DF-B9D0-2F0C314470D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/05/23/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/maven-shared-utils/pull/40\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://issues.apache.org/jira/browse/MSHARED-297\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5242\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
rhsa-2024_0775
Vulnerability from csaf_redhat
Published
2024-02-12 10:46
Modified
2024-11-15 15:09
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)
* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)
* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)\n\n* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)\n\n* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0775", "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "OCPBUGS-471", "url": "https://issues.redhat.com/browse/OCPBUGS-471" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0775.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T15:09:15+00:00", "generator": { "date": "2024-11-15T15:09:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:0775", "initial_release_date": "2024-02-12T10:46:38+00:00", "revision_history": [ { "date": "2024-02-12T10:46:38+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-12T10:46:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:09:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706516929-3.el8.src", "product": { "name": "jenkins-0:2.426.3.1706516929-3.el8.src", "product_id": "jenkins-0:2.426.3.1706516929-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516929-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1706516946-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1706516946-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706516929-3.el8.noarch", "product": { "name": "jenkins-0:2.426.3.1706516929-3.el8.noarch", "product_id": "jenkins-0:2.426.3.1706516929-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516929-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1706516946-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516929-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch" }, "product_reference": "jenkins-0:2.426.3.1706516929-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516929-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" }, "product_reference": "jenkins-0:2.426.3.1706516929-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1706516946-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1706516946-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-37946", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37946" }, { "category": "external", "summary": "RHBZ#2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37946" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998" } ], "release_date": "2023-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin" }, { "cve": "CVE-2024-23897", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260180" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the \"@\" character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23897" }, { "category": "external", "summary": "RHBZ#2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23897" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "category": "workaround", "details": "Disabling access to the CLI is expected to prevent exploitation completely. Doing so is strongly recommended to administrators unable to immediately update to Jenkins 2.442, LTS 2.426.3 or LTS 2.440.1. Applying this workaround does not require a Jenkins restart.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2024-08-19T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE" }, { "cve": "CVE-2024-23898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: cross-site WebSocket hijacking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1706516946-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23898" }, { "category": "external", "summary": "RHBZ#2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23898", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:46:38+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.426.3.1706516929-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: cross-site WebSocket hijacking" } ] }
rhsa-2023_6171
Vulnerability from csaf_redhat
Published
2023-10-30 11:10
Modified
2024-11-21 21:48
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.11.
Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
CVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents
CVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2022-1471 jenkins-2-plugins: SnakeYaml: Constructor Deserialization Remote Code Execution
CVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class
CVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work/
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.11.\nRed Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\nCVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents\nCVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE \nCVE-2022-1471 jenkins-2-plugins: SnakeYaml: Constructor Deserialization Remote Code Execution\nCVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class\nCVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work/\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6171", "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6171.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update", "tracking": { "current_release_date": "2024-11-21T21:48:35+00:00", "generator": { "date": "2024-11-21T21:48:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:6171", "initial_release_date": "2023-10-30T11:10:10+00:00", "revision_history": [ { "date": "2023-10-30T11:10:10+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-30T11:10:10+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:48:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698298955-3.el8.src", "product": { "name": "jenkins-0:2.414.3.1698298955-3.el8.src", "product_id": "jenkins-0:2.414.3.1698298955-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698298955-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1698299029-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1698299029-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698298955-3.el8.noarch", "product": { "name": "jenkins-0:2.414.3.1698298955-3.el8.noarch", "product_id": "jenkins-0:2.414.3.1698298955-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698298955-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1698299029-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698298955-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch" }, "product_reference": "jenkins-0:2.414.3.1698298955-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698298955-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" }, "product_reference": "jenkins-0:2.414.3.1698298955-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1698299029-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1698299029-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:10:10+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6171" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.414.3.1698298955-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1698299029-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" } ] }
rhsa-2024_0777
Vulnerability from csaf_redhat
Published
2024-02-12 10:27
Modified
2024-11-21 21:54
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts (CVE-2023-40336)
* guava: insecure temporary directory creation (CVE-2023-2976)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)
* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)
* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)
* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)
* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.14.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts (CVE-2023-40336)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\n* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)\n\n* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)\n\n* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)\n\n* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0777", "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2215214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "2222710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710" }, { "category": "external", "summary": "2232422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422" }, { "category": "external", "summary": "2232423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423" }, { "category": "external", "summary": "2232424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232424" }, { "category": "external", "summary": "2232425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425" }, { "category": "external", "summary": "2232426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "JKNS-271", "url": "https://issues.redhat.com/browse/JKNS-271" }, { "category": "external", "summary": "JKNS-289", "url": "https://issues.redhat.com/browse/JKNS-289" }, { "category": "external", "summary": "JKNS-337", "url": "https://issues.redhat.com/browse/JKNS-337" }, { "category": "external", "summary": "JKNS-344", "url": "https://issues.redhat.com/browse/JKNS-344" }, { "category": "external", "summary": "JKNS-345", "url": "https://issues.redhat.com/browse/JKNS-345" }, { "category": "external", "summary": "OCPBUGS-11158", "url": "https://issues.redhat.com/browse/OCPBUGS-11158" }, { "category": "external", "summary": "OCPBUGS-11253", "url": "https://issues.redhat.com/browse/OCPBUGS-11253" }, { "category": "external", "summary": "OCPBUGS-11254", "url": "https://issues.redhat.com/browse/OCPBUGS-11254" }, { "category": "external", "summary": "OCPBUGS-11446", "url": "https://issues.redhat.com/browse/OCPBUGS-11446" }, { "category": "external", "summary": "OCPBUGS-1357", "url": "https://issues.redhat.com/browse/OCPBUGS-1357" }, { "category": "external", "summary": "OCPBUGS-13869", "url": "https://issues.redhat.com/browse/OCPBUGS-13869" }, { "category": "external", "summary": "OCPBUGS-14111", "url": "https://issues.redhat.com/browse/OCPBUGS-14111" }, { "category": "external", "summary": "OCPBUGS-14609", "url": "https://issues.redhat.com/browse/OCPBUGS-14609" }, { "category": "external", "summary": "OCPBUGS-15646", "url": "https://issues.redhat.com/browse/OCPBUGS-15646" }, { "category": "external", "summary": "OCPBUGS-15902", "url": "https://issues.redhat.com/browse/OCPBUGS-15902" }, { "category": "external", "summary": "OCPBUGS-1709", "url": "https://issues.redhat.com/browse/OCPBUGS-1709" }, { "category": "external", "summary": "OCPBUGS-1942", "url": "https://issues.redhat.com/browse/OCPBUGS-1942" }, { "category": "external", "summary": "OCPBUGS-2099", "url": "https://issues.redhat.com/browse/OCPBUGS-2099" }, { "category": "external", "summary": "OCPBUGS-2184", "url": "https://issues.redhat.com/browse/OCPBUGS-2184" }, { "category": "external", "summary": "OCPBUGS-2318", "url": "https://issues.redhat.com/browse/OCPBUGS-2318" }, { "category": "external", "summary": "OCPBUGS-23438", "url": "https://issues.redhat.com/browse/OCPBUGS-23438" }, { "category": "external", "summary": "OCPBUGS-27388", "url": "https://issues.redhat.com/browse/OCPBUGS-27388" }, { "category": "external", "summary": "OCPBUGS-655", "url": "https://issues.redhat.com/browse/OCPBUGS-655" }, { "category": "external", "summary": "OCPBUGS-6579", "url": "https://issues.redhat.com/browse/OCPBUGS-6579" }, { "category": "external", "summary": "OCPBUGS-6870", "url": "https://issues.redhat.com/browse/OCPBUGS-6870" }, { "category": "external", "summary": "OCPBUGS-710", "url": "https://issues.redhat.com/browse/OCPBUGS-710" }, { "category": "external", "summary": "OCPBUGS-8377", "url": "https://issues.redhat.com/browse/OCPBUGS-8377" }, { "category": "external", "summary": "OCPBUGS-8442", "url": "https://issues.redhat.com/browse/OCPBUGS-8442" }, { "category": "external", "summary": "OCPTOOLS-244", "url": "https://issues.redhat.com/browse/OCPTOOLS-244" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0777.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-21T21:54:04+00:00", "generator": { "date": "2024-11-21T21:54:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:0777", "initial_release_date": "2024-02-12T10:27:23+00:00", "revision_history": [ { "date": "2024-02-12T10:27:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-12T10:27:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:54:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.14", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src", "product_id": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.426.3.1706516352-3.el8.src", "product": { "name": "jenkins-0:2.426.3.1706516352-3.el8.src", "product_id": "jenkins-0:2.426.3.1706516352-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516352-3.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1706516441-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-0:2.426.3.1706516352-3.el8.noarch", "product": { "name": "jenkins-0:2.426.3.1706516352-3.el8.noarch", "product_id": "jenkins-0:2.426.3.1706516352-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516352-3.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516352-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch" }, "product_reference": "jenkins-0:2.426.3.1706516352-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516352-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" }, "product_reference": "jenkins-0:2.426.3.1706516352-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.14.1706516441-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: insecure temporary directory creation" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-35116", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215214" } ], "notes": [ { "category": "description", "text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: denial of service via cylic dependencies", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-35116" }, { "category": "external", "summary": "RHBZ#2215214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "workaround", "details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: denial of service via cylic dependencies" }, { "cve": "CVE-2023-37946", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37946" }, { "category": "external", "summary": "RHBZ#2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37946" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998" } ], "release_date": "2023-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin" }, { "cve": "CVE-2023-37947", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222710" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37947" }, { "category": "external", "summary": "RHBZ#2222710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37947", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999" } ], "release_date": "2023-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-40336", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232424" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40336" }, { "category": "external", "summary": "RHBZ#2232424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232424" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40336", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40336" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40336", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40336" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts" }, { "cve": "CVE-2023-40337", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232425" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40337" }, { "category": "external", "summary": "RHBZ#2232425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40337", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin" }, { "cve": "CVE-2023-40338", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232426" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40338" }, { "category": "external", "summary": "RHBZ#2232426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40338", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin" }, { "cve": "CVE-2023-40339", "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232423" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they\u0027re written to the build log.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40339" }, { "category": "external", "summary": "RHBZ#2232423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40339", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin" }, { "cve": "CVE-2023-40341", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232422" } ], "notes": [ { "category": "description", "text": "A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40341" }, { "category": "external", "summary": "RHBZ#2232422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40341", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:27:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1706516441-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.426.3.1706516352-3.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
rhsa-2022_9098
Vulnerability from csaf_redhat
Published
2023-01-04 17:01
Modified
2024-11-15 13:18
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.10.46 packages and security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.10.46 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.46. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2022:9099
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class
(CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.10.46 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.46. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:9099\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class\n(CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:9098", "url": "https://access.redhat.com/errata/RHSA-2022:9098" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2022_9098.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.46 packages and security update", "tracking": { "current_release_date": "2024-11-15T13:18:33+00:00", "generator": { "date": "2024-11-15T13:18:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:9098", "initial_release_date": "2023-01-04T17:01:46+00:00", "revision_history": [ { "date": "2023-01-04T17:01:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-01-04T17:01:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:18:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el8" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.src", "product_id": "jenkins-2-plugins-0:4.10.1670851835-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1670851835-1.el8?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_id": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.4-3.rhaos4.10.git8240333.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.4-3.rhaos4.10.git8240333.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.4-3.rhaos4.10.git8240333.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_id": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.4-3.rhaos4.10.git8240333.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_id": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.4-3.rhaos4.10.git8240333.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.4-3.rhaos4.10.git8240333.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.4-3.rhaos4.10.git8240333.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_id": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.4-3.rhaos4.10.git8240333.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_id": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.4-3.rhaos4.10.git8240333.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_id": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.4-3.rhaos4.10.git8240333.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1670851835-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64" }, "product_reference": "cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64" }, "product_reference": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64" }, "product_reference": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1670851835-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.10.1670851835-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el7.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.4-3.rhaos4.10.git8240333.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-01-04T17:01:46+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:9098" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1670851835-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2022_4797
Vulnerability from csaf_redhat
Published
2022-05-30 12:51
Modified
2024-11-15 13:02
Summary
Red Hat Security Advisory: maven:3.6 security update
Notes
Topic
An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4797", "url": "https://access.redhat.com/errata/RHSA-2022:4797" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4797.json" } ], "title": "Red Hat Security Advisory: maven:3.6 security update", "tracking": { "current_release_date": "2024-11-15T13:02:02+00:00", "generator": { "date": "2024-11-15T13:02:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4797", "initial_release_date": "2022-05-30T12:51:42+00:00", "revision_history": [ { "date": "2022-05-30T12:51:42+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-30T12:51:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:02:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "maven:3.6:8040020220428113925:2bbcd66f", "product": { "name": "maven:3.6:8040020220428113925:2bbcd66f", "product_id": "maven:3.6:8040020220428113925:2bbcd66f", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.6:8040020220428113925:2bbcd66f" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "product_id": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "product_id": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "product_id": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "product_id": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "product_id": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "product_id": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "product_id": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jcl-over-slf4j@1.7.28-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product": { "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_id": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-6.module%2Bel8.4.0%2B9250%2B1786af37?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product": { "name": "maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_id": "maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-lib@3.6.2-6.module%2Bel8.4.0%2B9250%2B1786af37?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product": { "name": "maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_id": "maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk11@3.6.2-6.module%2Bel8.4.0%2B9250%2B1786af37?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product": { "name": "maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_id": "maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk8@3.6.2-6.module%2Bel8.4.0%2B9250%2B1786af37?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.4.0%2B15048%2Bbdaf849b?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product_id": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers-component-annotations@2.1.0-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product_id": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product": { "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product_id": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=noarch" } } }, { "category": "product_version", "name": "maven:3.6:8060020220428115217:32bfc089", "product": { "name": "maven:3.6:8060020220428115217:32bfc089", "product_id": "maven:3.6:8060020220428115217:32bfc089", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.6:8060020220428115217:32bfc089" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jcl-over-slf4j@1.7.28-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-lib@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk11@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk17@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk8@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.6.0%2B15049%2B43453910?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers-component-annotations@2.1.0-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product": { "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product_id": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=noarch" } } }, { "category": "product_version", "name": "maven:3.6:8020020220428113059:6f73a675", "product": { "name": "maven:3.6:8020020220428113059:6f73a675", "product_id": "maven:3.6:8020020220428113059:6f73a675", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.6:8020020220428113059:6f73a675" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "product_id": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "product_id": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "product_id": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "product_id": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "product_id": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "product_id": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "product_id": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jcl-over-slf4j@1.7.28-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product": { "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_id": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-4.module%2Bel8.2.0%2B5560%2Bb953ed0b?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product": { "name": "maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_id": "maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-lib@3.6.2-4.module%2Bel8.2.0%2B5560%2Bb953ed0b?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product": { "name": "maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_id": "maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk11@3.6.2-4.module%2Bel8.2.0%2B5560%2Bb953ed0b?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product": { "name": "maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_id": "maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-openjdk8@3.6.2-4.module%2Bel8.2.0%2B5560%2Bb953ed0b?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.2.0%2B15047%2Bacf0c170?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product_id": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers-component-annotations@2.1.0-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product_id": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product": { "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product_id": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "product": { "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "product_id": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "product_id": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "product_id": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "product_id": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "product_id": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "product_id": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "product_id": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "product": { "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "product_id": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "product_id": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "product_id": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "product": { "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "product_id": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "product_id": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "product": { "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "product_id": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-6.module%2Bel8.4.0%2B9250%2B1786af37?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "product_id": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.4.0%2B15048%2Bbdaf849b?arch=src" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "product_id": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers@2.1.0-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "product_id": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "product": { "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "product_id": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "product": { "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "product_id": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.3.0%2B6804%2B157bd82e?arch=src" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "product_id": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "product_id": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "product_id": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "product_id": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "product_id": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "product_id": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "product_id": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "product_id": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "product_id": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-7.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.6.0%2B15049%2B43453910?arch=src" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product_id": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers@2.1.0-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product_id": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src", "product": { "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src", "product_id": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.6.0%2B13337%2Bafcb49ec?arch=src" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "product": { "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "product_id": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-20.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "product": { "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "product_id": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-7.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "product_id": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.13-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "product": { "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "product_id": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-6.module%2Bel8.2.0%2B5557%2B11a14461?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "product": { "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "product_id": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.9-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "product": { "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "product_id": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-31.20100611svn86.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "product_id": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@2.0.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "product": { "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "product_id": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-26.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "product": { "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "product_id": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.2.2-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "product_id": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava@28.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "product_id": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.10-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "product_id": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.12-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "product": { "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "product_id": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.18-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "product_id": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.12.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "product": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "product_id": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsr-305@0-0.25.20130910svn.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "product": { "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "product_id": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.6.2-4.module%2Bel8.2.0%2B5560%2Bb953ed0b?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "product_id": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.4.1-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "product_id": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.5.module%2Bel8.2.0%2B15047%2Bacf0c170?arch=src" } } }, { "category": "product_version", "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "product": { "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "product_id": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.3.4-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-17.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.6.0-4.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers@2.1.0-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.26-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-29.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "product_id": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.3.0-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "product": { "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "product_id": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.4-2.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } }, { "category": "product_version", "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "product": { "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "product_id": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.28-3.module%2Bel8.2.0%2B5557%2B11a14461?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, "product_reference": "maven:3.6:8020020220428113059:6f73a675", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src" }, "product_reference": "aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src" }, "product_reference": "jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch" }, "product_reference": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src" }, "product_reference": "maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch" }, "product_reference": "maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch" }, "product_reference": "maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch" }, "product_reference": "maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src" }, "product_reference": "sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src as a component of maven:3.6:8020020220428113059:6f73a675 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675" }, { "category": "default_component_of", "full_product_name": { "name": "maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, "product_reference": "maven:3.6:8040020220428113925:2bbcd66f", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch" }, "product_reference": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src" }, "product_reference": "maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch" }, "product_reference": "maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch" }, "product_reference": "maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch" }, "product_reference": "maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src as a component of maven:3.6:8040020220428113925:2bbcd66f as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f" }, { "category": "default_component_of", "full_product_name": { "name": "maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, "product_reference": "maven:3.6:8060020220428115217:32bfc089", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src as a component of maven:3.6:8060020220428115217:32bfc089 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src" }, "product_reference": "slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-30T12:51:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4797" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:aopalliance-0:1.0-20.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-cli-0:1.4-7.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-codec-0:1.13-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-io-1:2.6-6.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:apache-commons-lang3-0:3.9-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:atinject-0:1-31.20100611svn86.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:cdi-api-0:2.0.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:geronimo-annotation-0:1.0-26.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:google-guice-0:4.2.2-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:guava-0:28.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-client-0:4.5.10-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:httpcomponents-core-0:4.4.12-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jansi-0:1.18-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jcl-over-slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsoup-0:1.12.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:jsr-305-0:0-0.25.20130910svn.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-lib-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk11-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-openjdk8-1:3.6.2-4.module+el8.2.0+5560+b953ed0b.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-resolver-0:1.4.1-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-shared-utils-0:3.2.1-0.5.module+el8.2.0+15047+acf0c170.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:maven-wagon-0:3.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-cipher-0:1.7-17.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-classworlds-0:2.6.0-4.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-0:2.1.0-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-containers-component-annotations-0:2.1.0-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-interpolation-0:1.26-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-sec-dispatcher-0:1.4-29.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:plexus-utils-0:3.3.0-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:sisu-0:0.3.4-2.module+el8.2.0+5557+11a14461.src", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.noarch", "AppStream-8.2.0.Z.EUS:maven:3.6:8020020220428113059:6f73a675:slf4j-0:1.7.28-3.module+el8.2.0+5557+11a14461.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:aopalliance-0:1.0-20.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-cli-0:1.4-7.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-codec-0:1.13-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-io-1:2.6-6.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:apache-commons-lang3-0:3.9-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:atinject-0:1-31.20100611svn86.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:cdi-api-0:2.0.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:geronimo-annotation-0:1.0-26.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:google-guice-0:4.2.2-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:guava-0:28.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-client-0:4.5.10-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:httpcomponents-core-0:4.4.12-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jansi-0:1.18-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jcl-over-slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsoup-0:1.12.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:jsr-305-0:0-0.25.20130910svn.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-1:3.6.2-6.module+el8.4.0+9250+1786af37.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-lib-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk11-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-openjdk8-1:3.6.2-6.module+el8.4.0+9250+1786af37.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-resolver-0:1.4.1-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-shared-utils-0:3.2.1-0.5.module+el8.4.0+15048+bdaf849b.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:maven-wagon-0:3.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-cipher-0:1.7-17.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-classworlds-0:2.6.0-4.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-0:2.1.0-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-containers-component-annotations-0:2.1.0-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-interpolation-0:1.26-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-sec-dispatcher-0:1.4-29.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:plexus-utils-0:3.3.0-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:sisu-0:0.3.4-2.module+el8.3.0+6804+157bd82e.src", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.noarch", "AppStream-8.4.0.Z.EUS:maven:3.6:8040020220428113925:2bbcd66f:slf4j-0:1.7.28-3.module+el8.3.0+6804+157bd82e.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:aopalliance-0:1.0-20.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-cli-0:1.4-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-codec-0:1.13-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-io-1:2.6-6.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:apache-commons-lang3-0:3.9-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:atinject-0:1-31.20100611svn86.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:cdi-api-0:2.0.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:geronimo-annotation-0:1.0-26.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:google-guice-0:4.2.2-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:guava-0:28.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-client-0:4.5.10-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:httpcomponents-core-0:4.4.12-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jansi-0:1.18-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jcl-over-slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsoup-0:1.12.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:jsr-305-0:0-0.25.20130910svn.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-lib-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk11-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk17-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-openjdk8-1:3.6.2-7.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-resolver-0:1.4.1-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-shared-utils-0:3.2.1-0.5.module+el8.6.0+15049+43453910.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:maven-wagon-0:3.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-cipher-0:1.7-17.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-classworlds-0:2.6.0-4.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-containers-component-annotations-0:2.1.0-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-interpolation-0:1.26-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-sec-dispatcher-0:1.4-29.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:plexus-utils-0:3.3.0-3.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:sisu-0:0.3.4-2.module+el8.6.0+13337+afcb49ec.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.6:8060020220428115217:32bfc089:slf4j-0:1.7.28-3.module+el8.6.0+13337+afcb49ec.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2023_3610
Vulnerability from csaf_redhat
Published
2023-06-15 00:17
Modified
2024-11-15 13:34
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3610", "url": "https://access.redhat.com/errata/RHSA-2023:3610" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2178358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "2185707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3610.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T13:34:57+00:00", "generator": { "date": "2024-11-15T13:34:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3610", "initial_release_date": "2023-06-15T00:17:42+00:00", "revision_history": [ { "date": "2023-06-15T00:17:42+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-15T00:17:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:34:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.12", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686649641-3.el8.src", "product": { "name": "jenkins-0:2.401.1.1686649641-3.el8.src", "product_id": "jenkins-0:2.401.1.1686649641-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686649641-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.src", "product_id": "jenkins-2-plugins-0:4.12.1686649756-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686649641-3.el8.noarch", "product": { "name": "jenkins-0:2.401.1.1686649641-3.el8.noarch", "product_id": "jenkins-0:2.401.1.1686649641-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686649641-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1686649756-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686649641-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch" }, "product_reference": "jenkins-0:2.401.1.1686649641-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686649641-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" }, "product_reference": "jenkins-0:2.401.1.1686649641-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1686649756-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.12.1686649756-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-46877", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-04-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2185707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-46877" }, { "category": "external", "summary": "RHBZ#2185707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-46877", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46877" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46877" } ], "release_date": "2023-03-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-30953", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119646" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: CSRF vulnerability in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30953" }, { "category": "external", "summary": "RHBZ#2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30953", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: CSRF vulnerability in Blue Ocean Plugin" }, { "cve": "CVE-2022-30954", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119647" } ], "notes": [ { "category": "description", "text": "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: missing permission checks in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30954" }, { "category": "external", "summary": "RHBZ#2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30954", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: missing permission checks in Blue Ocean Plugin" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-45693", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-12-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2155970" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison, where it is vulnerable to a denial of service caused by a stack-based buffer overflow. By sending a specially-crafted request using the map parameter, a remote attacker can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat has determined the impact of this flaw to be Moderate; a successful attack using this flaw would require the processing of untrusted, unsanitized, or unrestricted user inputs, which runs counter to established Red Hat security practices.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45693" }, { "category": "external", "summary": "RHBZ#2155970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45693", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45693" } ], "release_date": "2022-12-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: If the value in map is the map\u0027s self, the new new JSONObject(map) cause StackOverflowError which may lead to dos" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-20861", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180530" } ], "notes": [ { "category": "description", "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Spring Expression DoS Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20861" }, { "category": "external", "summary": "RHBZ#2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: Spring Expression DoS Vulnerability" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-32977", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207830" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32977" }, { "category": "external", "summary": "RHBZ#2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32977" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin" }, { "cve": "CVE-2023-32981", "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207835" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.401.1.1686649641-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32981" }, { "category": "external", "summary": "RHBZ#2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T00:17:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3610" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1686649756-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin" } ] }
rhsa-2023_0573
Vulnerability from csaf_redhat
Published
2023-02-09 12:49
Modified
2024-11-15 13:22
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.55. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:0574
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class
(CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel.
To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.9.55 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.55. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:0574\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class\n(CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. \n\nTo check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0573", "url": "https://access.redhat.com/errata/RHSA-2023:0573" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0573.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.9.55 security update", "tracking": { "current_release_date": "2024-11-15T13:22:30+00:00", "generator": { "date": "2024-11-15T13:22:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:0573", "initial_release_date": "2023-02-09T12:49:54+00:00", "revision_history": [ { "date": "2023-02-09T12:49:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-09T12:49:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:22:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.9", "product": { "name": "Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.9::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.src", "product_id": "jenkins-2-plugins-0:4.9.1674644684-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1674644684-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.9.1674644684-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.9" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.9.1674644684-1.el8.src as a component of Red Hat OpenShift Container Platform 4.9", "product_id": "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.9.1674644684-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.9" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-09T12:49:54+00:00", "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html", "product_ids": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0573" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.noarch", "8Base-RHOSE-4.9:jenkins-2-plugins-0:4.9.1674644684-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2022_4798
Vulnerability from csaf_redhat
Published
2022-05-30 13:15
Modified
2024-11-15 13:02
Summary
Red Hat Security Advisory: maven:3.5 security update
Notes
Topic
An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Extended Update Support, and Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4798", "url": "https://access.redhat.com/errata/RHSA-2022:4798" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4798.json" } ], "title": "Red Hat Security Advisory: maven:3.5 security update", "tracking": { "current_release_date": "2024-11-15T13:02:12+00:00", "generator": { "date": "2024-11-15T13:02:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4798", "initial_release_date": "2022-05-30T13:15:13+00:00", "revision_history": [ { "date": "2022-05-30T13:15:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-30T13:15:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:02:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.2::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product": { "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "maven:3.5:8020020220428105255:1f11a1d9", "product": { "name": "maven:3.5:8020020220428105255:1f11a1d9", "product_id": "maven:3.5:8020020220428105255:1f11a1d9", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.5:8020020220428105255:1f11a1d9" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product_id": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-17.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.11-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.7-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-logging@1.2-13.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product_id": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-28.20100611svn86.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product_id": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@1.2-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product_id": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-23.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product_id": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-el-api@3.0.1-0.7.b08.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product_id": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.1-11.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product_id": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava20@20.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product_id": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawtjni-runtime@1.16-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product_id": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product_id": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.10-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product_id": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.17.1-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product_id": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-interceptors-1.2-api@1.0.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_id": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jcl-over-slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product_id": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.11.3-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_id": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_id": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-lib@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-api@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-connector-basic@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-impl@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-spi@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-transport-wagon@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-util@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.2.0%2B15046%2Bb52d227a?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-file@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-http@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-http-shared@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-provider-api@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-14.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.5.2-9.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers-component-annotations@1.7.1-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.22-9.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-26.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.1.0-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_id": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu-inject@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_id": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu-plexus@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_id": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven:3.5:8040020220428105311:b9dd3217", "product": { "name": "maven:3.5:8040020220428105311:b9dd3217", "product_id": "maven:3.5:8040020220428105311:b9dd3217", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.5:8040020220428105311:b9dd3217" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.4.0%2B15140%2B8e8c2c6f?arch=noarch" } } }, { "category": "product_version", "name": "maven:3.5:8060020220428102527:219351c9", "product": { "name": "maven:3.5:8060020220428102527:219351c9", "product_id": "maven:3.5:8060020220428102527:219351c9", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.5:8060020220428102527:219351c9" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "product": { "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "product_id": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-5.module%2Bel8.6.0%2B13298%2B7b5243c0?arch=noarch" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.6.0%2B15045%2Bb1156105?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product_id": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-17.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.11-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.7-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-logging@1.2-13.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product_id": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-28.20100611svn86.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product_id": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@1.2-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product_id": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-23.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product_id": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-el@3.0.1-0.7.b08.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product_id": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.1-11.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product_id": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava20@20.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product_id": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawtjni@1.16-2.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product_id": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product_id": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.10-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product_id": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.17.1-1.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product_id": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-interceptors-1.2-api@1.0.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product_id": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.11.3-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product_id": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product_id": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.2.0%2B15046%2Bb52d227a?arch=src" } } }, { "category": "product_version", "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product_id": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product_id": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-14.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product_id": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.5.2-9.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product_id": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers@1.7.1-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product_id": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.22-9.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product_id": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-26.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product_id": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.1.0-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product_id": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product_id": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.4.0%2B15140%2B8e8c2c6f?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "product": { "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "product_id": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-5.module%2Bel8.6.0%2B13298%2B7b5243c0?arch=src" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.6.0%2B15045%2Bb1156105?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, "product_reference": "maven:3.5:8020020220428105255:1f11a1d9", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src" }, "product_reference": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch" }, "product_reference": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src" }, "product_reference": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64 as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64 as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src" }, "product_reference": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8020020220428105255:1f11a1d9 as a component of Red Hat Enterprise Linux AppStream EUS (v. 8.2)", "product_id": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9" }, { "category": "default_component_of", "full_product_name": { "name": "maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, "product_reference": "maven:3.5:8040020220428105311:b9dd3217", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src" }, "product_reference": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch" }, "product_reference": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src" }, "product_reference": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64 as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64 as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src" }, "product_reference": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8040020220428105311:b9dd3217 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)", "product_id": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217" }, { "category": "default_component_of", "full_product_name": { "name": "maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, "product_reference": "maven:3.5:8060020220428102527:219351c9", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src" }, "product_reference": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch" }, "product_reference": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src" }, "product_reference": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch" }, "product_reference": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src" }, "product_reference": "httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64 as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64 as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src" }, "product_reference": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8060020220428102527:219351c9 as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-30T13:15:13+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4798" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-shared-utils-0:3.2.1-0.2.module+el8.2.0+15046+b52d227a.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.2.0.Z.EUS:maven:3.5:8020020220428105255:1f11a1d9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-shared-utils-0:3.2.1-0.2.module+el8.4.0+15140+8e8c2c6f.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.4.0.Z.EUS:maven:3.5:8040020220428105311:b9dd3217:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-client-0:4.5.5-5.module+el8.6.0+13298+7b5243c0.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.aarch64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.s390x", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-shared-utils-0:3.2.1-0.2.module+el8.6.0+15045+b1156105.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.6.0.Z.MAIN.EUS:maven:3.5:8060020220428102527:219351c9:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2023_3198
Vulnerability from csaf_redhat
Published
2023-05-17 17:53
Modified
2024-11-15 15:07
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)
* jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)
* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43403)
* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43404)
* jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin (CVE-2022-43405)
* jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)
* maven: Block repositories using http by default (CVE-2021-26291)
* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)
* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)
* jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin (CVE-2022-43409)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)\n\n* jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin (CVE-2022-43402)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43403)\n\n* jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43404)\n\n* jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin (CVE-2022-43405)\n\n* jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin (CVE-2022-43406)\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin (CVE-2022-43407)\n\n* mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin (CVE-2022-43408)\n\n* jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin (CVE-2022-43409)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3198", "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/4.11/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", "url": "https://docs.openshift.com/container-platform/4.11/cicd/jenkins/important-changes-to-openshift-jenkins-images.html" }, { "category": "external", "summary": "1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2136370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136370" }, { "category": "external", "summary": "2136374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136374" }, { "category": "external", "summary": "2136379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136379" }, { "category": "external", "summary": "2136381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136381" }, { "category": "external", "summary": "2136382", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136382" }, { "category": "external", "summary": "2136383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136383" }, { "category": "external", "summary": "2136386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136386" }, { "category": "external", "summary": "2136388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136388" }, { "category": "external", "summary": "2136391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136391" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3198.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T15:07:14+00:00", "generator": { "date": "2024-11-15T15:07:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3198", "initial_release_date": "2023-05-17T17:53:04+00:00", "revision_history": [ { "date": "2023-05-17T17:53:04+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-05-17T17:53:04+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:07:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.387.1.1683009763-3.el8.src", "product": { "name": "jenkins-0:2.387.1.1683009763-3.el8.src", "product_id": "jenkins-0:2.387.1.1683009763-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1683009763-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1683009941-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.387.1.1683009763-3.el8.noarch", "product": { "name": "jenkins-0:2.387.1.1683009763-3.el8.noarch", "product_id": "jenkins-0:2.387.1.1683009763-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1683009763-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1683009941-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1683009763-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch" }, "product_reference": "jenkins-0:2.387.1.1683009763-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1683009763-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" }, "product_reference": "jenkins-0:2.387.1.1683009763-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1683009941-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1683009941-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-26291", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-04-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1955739" } ], "notes": [ { "category": "description", "text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven: Block repositories using http by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26291" }, { "category": "external", "summary": "RHBZ#1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291" }, { "category": "external", "summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291", "url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" } ], "release_date": "2021-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "workaround", "details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "maven: Block repositories using http by default" }, { "cve": "CVE-2022-1471", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-12-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2150009" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SnakeYaml package. This flaw allows an attacker to benefit from remote code execution by sending malicious YAML content and this content being deserialized by the constructor. Deserialization is unsafe and leads to Remote Code Execution (RCE).", "title": "Vulnerability description" }, { "category": "summary", "text": "SnakeYaml: Constructor Deserialization Remote Code Execution", "title": "Vulnerability summary" }, { "category": "other", "text": "In the Red Hat Process Automation 7 (RHPAM) the untrusted, malicious YAML file for deserialization by the vulnerable Snakeyaml\u0027s SafeConstructor class must be provided intentionally by the RHPAM user which requires high privileges. The potential attack complexity is also high because it depends on conditions that are beyond the attacker\u0027s control. Due to that the impact for RHPAM is reduced to Low.\n\nRed Hat Fuse 7 does not expose by default any endpoint that passes incoming data/request into vulnerable Snakeyaml\u0027s Constructor class nor pass untrusted data to this class. When this class is used, it\u2019s still only used to parse internal configuration, hence the impact by this vulnerability to Red Hat Fuse 7 is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1471" }, { "category": "external", "summary": "RHBZ#2150009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471" }, { "category": "external", "summary": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2", "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "SnakeYaml: Constructor Deserialization Remote Code Execution" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-30953", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119646" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: CSRF vulnerability in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30953" }, { "category": "external", "summary": "RHBZ#2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30953", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: CSRF vulnerability in Blue Ocean Plugin" }, { "cve": "CVE-2022-30954", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119647" } ], "notes": [ { "category": "description", "text": "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: missing permission checks in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30954" }, { "category": "external", "summary": "RHBZ#2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30954", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: missing permission checks in Blue Ocean Plugin" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2022-43401", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136381" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43401" }, { "category": "external", "summary": "RHBZ#2136381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136381" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43401", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43401" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43401", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43401" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin" }, { "cve": "CVE-2022-43402", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136379" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43402" }, { "category": "external", "summary": "RHBZ#2136379", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136379" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43402", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43402" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43402", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43402" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/workflow-cps: Sandbox bypass vulnerabilities in Pipeline: Groovy Plugin" }, { "cve": "CVE-2022-43403", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136382" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43403" }, { "category": "external", "summary": "RHBZ#2136382", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136382" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43403", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43403" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43403" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin" }, { "cve": "CVE-2022-43404", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136383" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43404" }, { "category": "external", "summary": "RHBZ#2136383", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136383" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43404", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43404" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43404", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43404" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin" }, { "cve": "CVE-2022-43405", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136374" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43405" }, { "category": "external", "summary": "RHBZ#2136374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136374" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43405", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43405" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43405", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43405" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/pipeline-groovy-lib: Sandbox bypass vulnerability in Pipeline: Groovy Libraries Plugin" }, { "cve": "CVE-2022-43406", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136370" } ], "notes": [ { "category": "description", "text": "A sandbox bypass vulnerability was found in several Jenkins plugins. This could allow an authenticated attacker to execute arbitrary code within the Jenkins JVM controller. Exploitation could be achieved by crafting untrusted libraries or pipelines, compromising the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43406" }, { "category": "external", "summary": "RHBZ#2136370", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136370" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43406", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43406" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43406", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43406" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "jenkins-plugin/workflow-cps-global-lib: Sandbox bypass vulnerability in Pipeline: Deprecated Groovy Libraries Plugin" }, { "cve": "CVE-2022-43407", "cwe": { "id": "CWE-838", "name": "Inappropriate Encoding for Output Context" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136386" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability was found in a Jenkins plugin. This issue may allow an unauthenticated attacker to access Jenkins builds, bypassing CSRF protections. This could compromise the integrity, availability, and confidentiality of Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43407" }, { "category": "external", "summary": "RHBZ#2136386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136386" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43407", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43407" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43407", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43407" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2880" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin" }, { "cve": "CVE-2022-43408", "cwe": { "id": "CWE-838", "name": "Inappropriate Encoding for Output Context" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136388" } ], "notes": [ { "category": "description", "text": "A Cross-site request forgery (CSRF) vulnerability was found in a Jenkins plugin. This issue may allow an authenticated attacker to access Jenkins builds, bypassing CSRF protections.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43408" }, { "category": "external", "summary": "RHBZ#2136388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136388" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43408", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43408" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43408" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2828" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin" }, { "cve": "CVE-2022-43409", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2022-10-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2136391" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability was found in a Jenkins plugin. This issue may allow an authenticated remote attacker to create Pipelines.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43409" }, { "category": "external", "summary": "RHBZ#2136391", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136391" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43409", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43409" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43409", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43409" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881", "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2881" } ], "release_date": "2022-10-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugin/workflow-support: Stored XSS vulnerability in Pipeline: Supporting APIs Plugin" }, { "cve": "CVE-2022-45047", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-11-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2145194" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: Java unsafe deserialization vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact as High as there\u0027s a mitigation for minimizing the impact which the flaw requires org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to be impacted, which would require an external/public API for an attacker to benefit from it. \n\nRed Hat Fuse 7 and Red Hat JBoss Enterprise Application Platform 7 have a lower rate (moderate) as it\u0027s very unlikely to be exploited since those are for internal usage or use a custom implementation in their case.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45047" }, { "category": "external", "summary": "RHBZ#2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45047" }, { "category": "external", "summary": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html", "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html" } ], "release_date": "2022-11-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "workaround", "details": "From the maintainer:\n\nFor Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of \nSimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser).", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "mina-sshd: Java unsafe deserialization vulnerability" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1683009941-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-05-17T17:53:04+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3198" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.387.1.1683009763-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" } ] }
rhsa-2023_6172
Vulnerability from csaf_redhat
Published
2023-10-30 11:24
Modified
2024-11-21 21:48
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12.
Red Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
CVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents
CVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2022-25857 jenkins-2-plugins: snakeyaml: Denial of Service due to missing nested depth limitation for collections
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2020-7692 jenkins-2-plugins: google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization
CVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin
CVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
CVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin
CVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE
CVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class
CVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.12.\nRed Hat Product Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\nCVE-2023-27904 jenkins: Information disclosure through error stack traces related to agents\nCVE-2023-27903 jenkins: Temporary file parameter created with insecure permissions\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2022-25857 jenkins-2-plugins: snakeyaml: Denial of Service due to missing nested depth limitation for collections \nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2020-7692 jenkins-2-plugins: google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization\nCVE-2023-24422 jenkins-2-plugins: jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin\nCVE-2023-25761 jenkins-2-plugins: jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin\nCVE-2023-25762 jenkins-2-plugins: jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin\nCVE-2022-42889 jenkins-2-plugins: apache-commons-text: variable interpolation RCE\nCVE-2022-29599 jenkins-2-plugins: maven-shared-utils: Command injection via Commandline class\nCVE-2023-39325 openshift-jenkins-2-container: golang: net/http, x/net/http2: rapid stream resets can cause excessive work\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6172", "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "2136374", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136374" }, { "category": "external", "summary": "2136386", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136386" }, { "category": "external", "summary": "2136388", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136388" }, { "category": "external", "summary": "2145194", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2145194" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6172.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update", "tracking": { "current_release_date": "2024-11-21T21:48:44+00:00", "generator": { "date": "2024-11-21T21:48:44+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:6172", "initial_release_date": "2023-10-30T11:24:00+00:00", "revision_history": [ { "date": "2023-10-30T11:24:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-30T11:24:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:48:44+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.12", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698293911-3.el8.src", "product": { "name": "jenkins-0:2.414.3.1698293911-3.el8.src", "product_id": "jenkins-0:2.414.3.1698293911-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698293911-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.src", "product_id": "jenkins-2-plugins-0:4.12.1698294000-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1698294000-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698293911-3.el8.noarch", "product": { "name": "jenkins-0:2.414.3.1698293911-3.el8.noarch", "product_id": "jenkins-0:2.414.3.1698293911-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698293911-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1698294000-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698293911-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch" }, "product_reference": "jenkins-0:2.414.3.1698293911-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698293911-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" }, "product_reference": "jenkins-0:2.414.3.1698293911-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1698294000-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.12.1698294000-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7692", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-07-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856376" } ], "notes": [ { "category": "description", "text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7692" }, { "category": "external", "summary": "RHBZ#1856376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692" } ], "release_date": "2020-07-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T11:24:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6172" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.414.3.1698293911-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1698294000-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" } ] }
rhsa-2024_0778
Vulnerability from csaf_redhat
Published
2024-02-12 10:38
Modified
2024-11-15 17:41
Summary
Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update
Notes
Topic
An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)
* maven: Block repositories using http by default (CVE-2021-26291)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)
* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)
* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
* guava: insecure temporary directory creation (CVE-2023-2976)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)
* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)
* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)
* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)
* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization (CVE-2020-7692)\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)\n\n* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)\n\n* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout (CVE-2023-20862)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* Jenkins: Open redirect vulnerability in OpenShift Login Plugin (CVE-2023-37947)\n\n* jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\n* jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin (CVE-2023-40337)\n\n* jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin (CVE-2023-40338)\n\n* jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin (CVE-2023-40339)\n\n* jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials (CVE-2023-40341)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0778", "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1856376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376" }, { "category": "external", "summary": "1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2222710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710" }, { "category": "external", "summary": "2227788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227788" }, { "category": "external", "summary": "2232422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422" }, { "category": "external", "summary": "2232423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423" }, { "category": "external", "summary": "2232425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425" }, { "category": "external", "summary": "2232426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "external", "summary": "2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "JKNS-271", "url": "https://issues.redhat.com/browse/JKNS-271" }, { "category": "external", "summary": "JKNS-289", "url": "https://issues.redhat.com/browse/JKNS-289" }, { "category": "external", "summary": "OCPBUGS-10976", "url": "https://issues.redhat.com/browse/OCPBUGS-10976" }, { "category": "external", "summary": "OCPBUGS-11158", "url": "https://issues.redhat.com/browse/OCPBUGS-11158" }, { "category": "external", "summary": "OCPBUGS-11348", "url": "https://issues.redhat.com/browse/OCPBUGS-11348" }, { "category": "external", "summary": "OCPBUGS-1357", "url": "https://issues.redhat.com/browse/OCPBUGS-1357" }, { "category": "external", "summary": "OCPBUGS-13652", "url": "https://issues.redhat.com/browse/OCPBUGS-13652" }, { "category": "external", "summary": "OCPBUGS-13901", "url": "https://issues.redhat.com/browse/OCPBUGS-13901" }, { "category": "external", "summary": "OCPBUGS-14113", "url": "https://issues.redhat.com/browse/OCPBUGS-14113" }, { "category": "external", "summary": "OCPBUGS-14393", "url": "https://issues.redhat.com/browse/OCPBUGS-14393" }, { "category": "external", "summary": "OCPBUGS-14642", "url": "https://issues.redhat.com/browse/OCPBUGS-14642" }, { "category": "external", "summary": "OCPBUGS-15648", "url": "https://issues.redhat.com/browse/OCPBUGS-15648" }, { "category": "external", "summary": "OCPBUGS-1709", "url": "https://issues.redhat.com/browse/OCPBUGS-1709" }, { "category": "external", "summary": "OCPBUGS-1942", "url": "https://issues.redhat.com/browse/OCPBUGS-1942" }, { "category": "external", "summary": "OCPBUGS-2099", "url": "https://issues.redhat.com/browse/OCPBUGS-2099" }, { "category": "external", "summary": "OCPBUGS-2184", "url": "https://issues.redhat.com/browse/OCPBUGS-2184" }, { "category": "external", "summary": "OCPBUGS-2318", "url": "https://issues.redhat.com/browse/OCPBUGS-2318" }, { "category": "external", "summary": "OCPBUGS-27391", "url": "https://issues.redhat.com/browse/OCPBUGS-27391" }, { "category": "external", "summary": "OCPBUGS-3692", "url": "https://issues.redhat.com/browse/OCPBUGS-3692" }, { "category": "external", "summary": "OCPBUGS-4819", "url": "https://issues.redhat.com/browse/OCPBUGS-4819" }, { "category": "external", "summary": "OCPBUGS-4833", "url": "https://issues.redhat.com/browse/OCPBUGS-4833" }, { "category": "external", "summary": "OCPBUGS-655", "url": "https://issues.redhat.com/browse/OCPBUGS-655" }, { "category": "external", "summary": "OCPBUGS-6632", "url": "https://issues.redhat.com/browse/OCPBUGS-6632" }, { "category": "external", "summary": "OCPBUGS-6982", "url": "https://issues.redhat.com/browse/OCPBUGS-6982" }, { "category": "external", "summary": "OCPBUGS-7016", "url": "https://issues.redhat.com/browse/OCPBUGS-7016" }, { "category": "external", "summary": "OCPBUGS-7050", "url": "https://issues.redhat.com/browse/OCPBUGS-7050" }, { "category": "external", "summary": "OCPBUGS-710", "url": "https://issues.redhat.com/browse/OCPBUGS-710" }, { "category": "external", "summary": "OCPBUGS-8420", "url": "https://issues.redhat.com/browse/OCPBUGS-8420" }, { "category": "external", "summary": "OCPBUGS-8497", "url": "https://issues.redhat.com/browse/OCPBUGS-8497" }, { "category": "external", "summary": "OCPTOOLS-246", "url": "https://issues.redhat.com/browse/OCPTOOLS-246" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0778.json" } ], "title": "Red Hat Security Advisory: Jenkins and Jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T17:41:32+00:00", "generator": { "date": "2024-11-15T17:41:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:0778", "initial_release_date": "2024-02-12T10:38:58+00:00", "revision_history": [ { "date": "2024-02-12T10:38:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-12T10:38:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:41:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.12", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706515686-3.el8.src", "product": { "name": "jenkins-0:2.426.3.1706515686-3.el8.src", "product_id": "jenkins-0:2.426.3.1706515686-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706515686-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src", "product_id": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706515686-3.el8.noarch", "product": { "name": "jenkins-0:2.426.3.1706515686-3.el8.noarch", "product_id": "jenkins-0:2.426.3.1706515686-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706515686-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.12.1706515741-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706515686-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch" }, "product_reference": "jenkins-0:2.426.3.1706515686-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706515686-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" }, "product_reference": "jenkins-0:2.426.3.1706515686-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.12" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.12", "product_id": "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.12.1706515741-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.12" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7692", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2020-07-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856376" } ], "notes": [ { "category": "description", "text": "PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.", "title": "Vulnerability description" }, { "category": "summary", "text": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7692" }, { "category": "external", "summary": "RHBZ#1856376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7692", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7692" } ], "release_date": "2020-07-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization" }, { "cve": "CVE-2021-26291", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-04-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1955739" } ], "notes": [ { "category": "description", "text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven: Block repositories using http by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26291" }, { "category": "external", "summary": "RHBZ#1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291" }, { "category": "external", "summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291", "url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" } ], "release_date": "2021-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "workaround", "details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "maven: Block repositories using http by default" }, { "cve": "CVE-2022-1962", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "discovery_date": "2022-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2107376" } ], "notes": [ { "category": "description", "text": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: go/parser: stack exhaustion in all Parse* functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1962" }, { "category": "external", "summary": "RHBZ#2107376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107376" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1962", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1962" }, { "category": "external", "summary": "https://go.dev/issue/53616", "url": "https://go.dev/issue/53616" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" } ], "release_date": "2022-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: go/parser: stack exhaustion in all Parse* functions" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: insecure temporary directory creation" }, { "cve": "CVE-2023-20861", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180530" } ], "notes": [ { "category": "description", "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Spring Expression DoS Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20861" }, { "category": "external", "summary": "RHBZ#2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: Spring Expression DoS Vulnerability" }, { "cve": "CVE-2023-20862", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "discovery_date": "2023-07-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2227788" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20862" }, { "category": "external", "summary": "RHBZ#2227788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2227788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20862", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20862" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20862", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20862" }, { "category": "external", "summary": "https://spring.io/security/cve-2023-20862", "url": "https://spring.io/security/cve-2023-20862" } ], "release_date": "2023-04-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "spring-security: Empty SecurityContext Is Not Properly Saved Upon Logout" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-37947", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222710" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to conduct phishing attacks caused by an open redirect vulnerability. An attacker can use a specially crafted URL to redirect a victim to arbitrary web sites.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37947" }, { "category": "external", "summary": "RHBZ#2222710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222710" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37947", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37947" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37947" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2999" } ], "release_date": "2023-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Jenkins: Open redirect vulnerability in OpenShift Login Plugin" }, { "cve": "CVE-2023-40167", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "discovery_date": "2023-09-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Improper validation of HTTP/1 content-length", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40167" }, { "category": "external", "summary": "RHBZ#2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6" }, { "category": "external", "summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6", "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6" } ], "release_date": "2023-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Improper validation of HTTP/1 content-length" }, { "cve": "CVE-2023-40337", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232425" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40337" }, { "category": "external", "summary": "RHBZ#2232425", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232425" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40337", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40337" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin" }, { "cve": "CVE-2023-40338", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232426" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40338" }, { "category": "external", "summary": "RHBZ#2232426", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232426" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40338", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40338" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin" }, { "cve": "CVE-2023-40339", "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232423" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they\u0027re written to the build log.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40339" }, { "category": "external", "summary": "RHBZ#2232423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40339", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40339" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: config-file-provider: Improper masking of credentials in Config File Provider Plugin" }, { "cve": "CVE-2023-40341", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2023-08-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2232422" } ], "notes": [ { "category": "description", "text": "A flaw was found in the blueocean Jenkins plugin. Affected versions of this plugin allow attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40341" }, { "category": "external", "summary": "RHBZ#2232422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232422" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40341", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40341" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40341" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116", "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116" } ], "release_date": "2023-08-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-plugins: blueocean: CSRF vulnerability in Blue Ocean Plugin allows capturing credentials" }, { "cve": "CVE-2024-23897", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260180" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the \"@\" character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23897" }, { "category": "external", "summary": "RHBZ#2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23897" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "workaround", "details": "Disabling access to the CLI is expected to prevent exploitation completely. Doing so is strongly recommended to administrators unable to immediately update to Jenkins 2.442, LTS 2.426.3 or LTS 2.440.1. Applying this workaround does not require a Jenkins restart.", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2024-08-19T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE" }, { "cve": "CVE-2024-23898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: cross-site WebSocket hijacking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-2-plugins-0:4.12.1706515741-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23898" }, { "category": "external", "summary": "RHBZ#2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23898", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:38:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.noarch", "8Base-OCP-Tools-4.12:jenkins-0:2.426.3.1706515686-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: cross-site WebSocket hijacking" } ] }
rhsa-2022_1541
Vulnerability from csaf_redhat
Published
2022-04-26 10:25
Modified
2024-11-15 13:01
Summary
Red Hat Security Advisory: maven-shared-utils security update
Notes
Topic
An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for maven-shared-utils is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1541", "url": "https://access.redhat.com/errata/RHSA-2022:1541" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1541.json" } ], "title": "Red Hat Security Advisory: maven-shared-utils security update", "tracking": { "current_release_date": "2024-11-15T13:01:29+00:00", "generator": { "date": "2024-11-15T13:01:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1541", "initial_release_date": "2022-04-26T10:25:11+00:00", "revision_history": [ { "date": "2022-04-26T10:25:11+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-04-26T10:25:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:01:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::computenode" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product": { "name": "Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "maven-shared-utils-0:0.4-4.el7_9.src", "product": { "name": "maven-shared-utils-0:0.4-4.el7_9.src", "product_id": "maven-shared-utils-0:0.4-4.el7_9.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@0.4-4.el7_9?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "maven-shared-utils-0:0.4-4.el7_9.noarch", "product": { "name": "maven-shared-utils-0:0.4-4.el7_9.noarch", "product_id": "maven-shared-utils-0:0.4-4.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@0.4-4.el7_9?arch=noarch" } } }, { "category": "product_version", "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "product": { "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "product_id": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils-javadoc@0.4-4.el7_9?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.src", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)", "product_id": "7Client-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Client-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.src", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)", "product_id": "7ComputeNode-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7ComputeNode-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.src", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)", "product_id": "7Server-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Server-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:0.4-4.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src" }, "product_reference": "maven-shared-utils-0:0.4-4.el7_9.src", "relates_to_product_reference": "7Workstation-optional-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)", "product_id": "7Workstation-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" }, "product_reference": "maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "relates_to_product_reference": "7Workstation-optional-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Client-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7ComputeNode-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Server-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Workstation-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-04-26T10:25:11+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Client-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7ComputeNode-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Server-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Workstation-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1541" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Client-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Client-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7ComputeNode-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7ComputeNode-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Server-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Server-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.noarch", "7Workstation-optional-7.9.Z:maven-shared-utils-0:0.4-4.el7_9.src", "7Workstation-optional-7.9.Z:maven-shared-utils-javadoc-0:0.4-4.el7_9.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2024_0776
Vulnerability from csaf_redhat
Published
2024-02-12 10:26
Modified
2024-11-15 15:09
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* maven: Block repositories using http by default (CVE-2021-26291)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)
* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)
* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* maven: Block repositories using http by default (CVE-2021-26291)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: Session fixation vulnerability in OpenShift Login Plugin (CVE-2023-37946)\n\n* jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE (CVE-2024-23897)\n\n* jenkins: cross-site WebSocket hijacking (CVE-2024-23898)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:0776", "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "JKNS-271", "url": "https://issues.redhat.com/browse/JKNS-271" }, { "category": "external", "summary": "JKNS-289", "url": "https://issues.redhat.com/browse/JKNS-289" }, { "category": "external", "summary": "OCPBUGS-10934", "url": "https://issues.redhat.com/browse/OCPBUGS-10934" }, { "category": "external", "summary": "OCPBUGS-11158", "url": "https://issues.redhat.com/browse/OCPBUGS-11158" }, { "category": "external", "summary": "OCPBUGS-11329", "url": "https://issues.redhat.com/browse/OCPBUGS-11329" }, { "category": "external", "summary": "OCPBUGS-11446", "url": "https://issues.redhat.com/browse/OCPBUGS-11446" }, { "category": "external", "summary": "OCPBUGS-11452", "url": "https://issues.redhat.com/browse/OCPBUGS-11452" }, { "category": "external", "summary": "OCPBUGS-1357", "url": "https://issues.redhat.com/browse/OCPBUGS-1357" }, { "category": "external", "summary": "OCPBUGS-13651", "url": "https://issues.redhat.com/browse/OCPBUGS-13651" }, { "category": "external", "summary": "OCPBUGS-13870", "url": "https://issues.redhat.com/browse/OCPBUGS-13870" }, { "category": "external", "summary": "OCPBUGS-14112", "url": "https://issues.redhat.com/browse/OCPBUGS-14112" }, { "category": "external", "summary": "OCPBUGS-14311", "url": "https://issues.redhat.com/browse/OCPBUGS-14311" }, { "category": "external", "summary": "OCPBUGS-14634", "url": "https://issues.redhat.com/browse/OCPBUGS-14634" }, { "category": "external", "summary": "OCPBUGS-15647", "url": "https://issues.redhat.com/browse/OCPBUGS-15647" }, { "category": "external", "summary": "OCPBUGS-15986", "url": "https://issues.redhat.com/browse/OCPBUGS-15986" }, { "category": "external", "summary": "OCPBUGS-1709", "url": "https://issues.redhat.com/browse/OCPBUGS-1709" }, { "category": "external", "summary": "OCPBUGS-1942", "url": "https://issues.redhat.com/browse/OCPBUGS-1942" }, { "category": "external", "summary": "OCPBUGS-2099", "url": "https://issues.redhat.com/browse/OCPBUGS-2099" }, { "category": "external", "summary": "OCPBUGS-2184", "url": "https://issues.redhat.com/browse/OCPBUGS-2184" }, { "category": "external", "summary": "OCPBUGS-2318", "url": "https://issues.redhat.com/browse/OCPBUGS-2318" }, { "category": "external", "summary": "OCPBUGS-27389", "url": "https://issues.redhat.com/browse/OCPBUGS-27389" }, { "category": "external", "summary": "OCPBUGS-655", "url": "https://issues.redhat.com/browse/OCPBUGS-655" }, { "category": "external", "summary": "OCPBUGS-6579", "url": "https://issues.redhat.com/browse/OCPBUGS-6579" }, { "category": "external", "summary": "OCPBUGS-6870", "url": "https://issues.redhat.com/browse/OCPBUGS-6870" }, { "category": "external", "summary": "OCPBUGS-710", "url": "https://issues.redhat.com/browse/OCPBUGS-710" }, { "category": "external", "summary": "OCPBUGS-8377", "url": "https://issues.redhat.com/browse/OCPBUGS-8377" }, { "category": "external", "summary": "OCPBUGS-8442", "url": "https://issues.redhat.com/browse/OCPBUGS-8442" }, { "category": "external", "summary": "OCPTOOLS-245", "url": "https://issues.redhat.com/browse/OCPTOOLS-245" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0776.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T15:09:24+00:00", "generator": { "date": "2024-11-15T15:09:24+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:0776", "initial_release_date": "2024-02-12T10:26:48+00:00", "revision_history": [ { "date": "2024-02-12T10:26:48+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-02-12T10:26:48+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:09:24+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.13", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706516254-3.el8.src", "product": { "name": "jenkins-0:2.426.3.1706516254-3.el8.src", "product_id": "jenkins-0:2.426.3.1706516254-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516254-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.src", "product_id": "jenkins-2-plugins-0:4.13.1706516346-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1706516346-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.426.3.1706516254-3.el8.noarch", "product": { "name": "jenkins-0:2.426.3.1706516254-3.el8.noarch", "product_id": "jenkins-0:2.426.3.1706516254-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.426.3.1706516254-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1706516346-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516254-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch" }, "product_reference": "jenkins-0:2.426.3.1706516254-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.426.3.1706516254-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" }, "product_reference": "jenkins-0:2.426.3.1706516254-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1706516346-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.13.1706516346-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-26291", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2021-04-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1955739" } ], "notes": [ { "category": "description", "text": "A flaw was found in maven. Repositories that are defined in a dependency\u2019s Project Object Model (pom), which may be unknown to users, are used by default resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven: Block repositories using http by default", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-26291" }, { "category": "external", "summary": "RHBZ#1955739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955739" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-26291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26291" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26291" }, { "category": "external", "summary": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291", "url": "https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291" } ], "release_date": "2021-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "category": "workaround", "details": "To avoid possible man-in-the-middle related attacks with this flaw, ensure any linked repositories in maven POMs use https and not http.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "maven: Block repositories using http by default" }, { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-37946", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2023-07-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2222709" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain administrator access to Jenkins.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-37946" }, { "category": "external", "summary": "RHBZ#2222709", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222709" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-37946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-37946" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37946" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-2998" } ], "release_date": "2023-07-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Session fixation vulnerability in OpenShift Login Plugin" }, { "cve": "CVE-2024-23897", "cwe": { "id": "CWE-88", "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260180" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins, which uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces the \"@\" character followed by a file path in an argument with the file\u2019s contents (expandAtFiles). This feature is enabled by default; Jenkins 2.441 and earlier as well as LTS 2.426.2 and earlier do not disable it.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23897" }, { "category": "external", "summary": "RHBZ#2260180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260180" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23897", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23897" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "category": "workaround", "details": "Disabling access to the CLI is expected to prevent exploitation completely. Doing so is strongly recommended to administrators unable to immediately update to Jenkins 2.442, LTS 2.426.3 or LTS 2.440.1. Applying this workaround does not require a Jenkins restart.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2024-08-19T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Critical" } ], "title": "jenkins: Arbitrary file read vulnerability through the CLI can lead to RCE" }, { "cve": "CVE-2024-23898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-01-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260182" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins where websocket access to the CLI does not perform origin validation of requests when they are made through the websocket endpoint.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins: cross-site WebSocket hijacking", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1706516346-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23898" }, { "category": "external", "summary": "RHBZ#2260182", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260182" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23898", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23898" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/01/24/6", "url": "http://www.openwall.com/lists/oss-security/2024/01/24/6" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315", "url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315" } ], "release_date": "2024-01-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-02-12T10:26:48+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:0776" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.426.3.1706516254-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins: cross-site WebSocket hijacking" } ] }
rhsa-2022_1662
Vulnerability from csaf_redhat
Published
2022-05-02 08:06
Modified
2024-11-15 13:01
Summary
Red Hat Security Advisory: rh-maven36-maven-shared-utils security update
Notes
Topic
An update for rh-maven36-maven-shared-utils is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-maven36-maven-shared-utils is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:1662", "url": "https://access.redhat.com/errata/RHSA-2022:1662" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1662.json" } ], "title": "Red Hat Security Advisory: rh-maven36-maven-shared-utils security update", "tracking": { "current_release_date": "2024-11-15T13:01:53+00:00", "generator": { "date": "2024-11-15T13:01:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:1662", "initial_release_date": "2022-05-02T08:06:14+00:00", "revision_history": [ { "date": "2022-05-02T08:06:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-02T08:06:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:01:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "product": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "product_id": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven36-maven-shared-utils@3.2.1-0.2.3.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "product": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "product_id": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven36-maven-shared-utils@3.2.1-0.2.3.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "product": { "name": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "product_id": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-maven36-maven-shared-utils-javadoc@3.2.1-0.2.3.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch" }, "product_reference": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src" }, "product_reference": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch" }, "product_reference": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch" }, "product_reference": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src" }, "product_reference": "rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch" }, "product_reference": "rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-02T08:06:14+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:1662" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Server-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.noarch", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-0:3.2.1-0.2.3.el7.src", "7Workstation-RHSCL-3.8:rh-maven36-maven-shared-utils-javadoc-0:3.2.1-0.2.3.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2022_4699
Vulnerability from csaf_redhat
Published
2022-05-23 12:00
Modified
2024-11-15 13:01
Summary
Red Hat Security Advisory: maven:3.5 security update
Notes
Topic
An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:4699", "url": "https://access.redhat.com/errata/RHSA-2022:4699" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_4699.json" } ], "title": "Red Hat Security Advisory: maven:3.5 security update", "tracking": { "current_release_date": "2024-11-15T13:01:54+00:00", "generator": { "date": "2024-11-15T13:01:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:4699", "initial_release_date": "2022-05-23T12:00:16+00:00", "revision_history": [ { "date": "2022-05-23T12:00:16+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-05-23T12:00:16+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:01:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product": { "name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "maven:3.5:8010020220428105208:6ece90b1", "product": { "name": "maven:3.5:8010020220428105208:6ece90b1", "product_id": "maven:3.5:8010020220428105208:6ece90b1", "product_identification_helper": { "purl": "pkg:rpmmod/redhat/maven@3.5:8010020220428105208:6ece90b1" } } }, { "category": "product_version", "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product_id": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-17.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.11-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.7-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product_id": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-logging@1.2-13.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product_id": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-28.20100611svn86.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product_id": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@1.2-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product_id": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-23.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product_id": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-el-api@3.0.1-0.7.b08.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product_id": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.1-11.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product_id": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava20@20.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product_id": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawtjni-runtime@1.16-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product_id": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product_id": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.10-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product_id": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.17.1-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product_id": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-interceptors-1.2-api@1.0.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_id": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jcl-over-slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product_id": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.11.3-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_id": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_id": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-lib@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-api@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-connector-basic@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-impl@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-spi@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-transport-wagon@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_id": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver-util@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.1.0%2B15171%2B4eab2c6b?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-file@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-http@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-http-shared@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_id": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon-provider-api@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-14.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.5.2-9.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers-component-annotations@1.7.1-8.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.22-9.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-26.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product_id": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.1.0-3.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } }, { "category": "product_version", "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_id": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu-inject@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_id": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu-plexus@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_id": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product_id": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/aopalliance@1.0-17.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-cli@1.4-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-codec@1.11-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-io@2.6-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-lang3@3.7-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product_id": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-commons-logging@1.2-13.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product_id": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atinject@1-28.20100611svn86.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product_id": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cdi-api@1.2-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product_id": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/geronimo-annotation@1.0-23.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product_id": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-el@3.0.1-0.7.b08.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product_id": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/google-guice@4.1-11.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product_id": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/guava20@20.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product_id": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hawtjni@1.16-2.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product_id": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-client@4.5.5-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product_id": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpcomponents-core@4.4.10-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product_id": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi@1.17.1-1.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product_id": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-interceptors-1.2-api@1.0.0-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product_id": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jsoup@1.11.3-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product_id": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven@3.5.4-5.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product_id": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-resolver@1.1.1-2.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "product": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "product_id": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-shared-utils@3.2.1-0.2.module%2Bel8.1.0%2B15171%2B4eab2c6b?arch=src" } } }, { "category": "product_version", "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product_id": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/maven-wagon@3.1.0-1.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product_id": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-cipher@1.7-14.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product_id": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-classworlds@2.5.2-9.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product_id": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-containers@1.7.1-8.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product_id": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-interpolation@1.22-9.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product_id": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-sec-dispatcher@1.4-26.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product_id": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/plexus-utils@3.1.0-3.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } }, { "category": "product_version", "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product_id": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/sisu@0.3.3-6.module%2Bel8%2B2452%2Bb359bfcd?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product_id": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/slf4j@1.7.25-4.module%2Bel8%2B2452%2Bb359bfcd?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product_id": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/jansi-native@1.7-7.module%2Bel8%2B2452%2Bb359bfcd?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, "product_reference": "maven:3.5:8010020220428105208:6ece90b1", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src" }, "product_reference": "aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src" }, "product_reference": "apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src" }, "product_reference": "atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src" }, "product_reference": "cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src" }, "product_reference": "geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src" }, "product_reference": "glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch" }, "product_reference": "glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src" }, "product_reference": "google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src" }, "product_reference": "hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src" }, "product_reference": "httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64 as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64" }, "product_reference": "jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src" }, "product_reference": "jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src" }, "product_reference": "jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src" }, "product_reference": "maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src" }, "product_reference": "maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch" }, "product_reference": "maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src" }, "product_reference": "plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src" }, "product_reference": "sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch" }, "product_reference": "sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" }, { "category": "default_component_of", "full_product_name": { "name": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src as a component of maven:3.5:8010020220428105208:6ece90b1 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)", "product_id": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" }, "product_reference": "slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src", "relates_to_product_reference": "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-05-23T12:00:16+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:4699" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:aopalliance-0:1.0-17.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-cli-0:1.4-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-codec-0:1.11-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-io-1:2.6-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-lang3-0:3.7-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:apache-commons-logging-0:1.2-13.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:atinject-0:1-28.20100611svn86.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:cdi-api-0:1.2-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:geronimo-annotation-0:1.0-23.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:glassfish-el-api-0:3.0.1-0.7.b08.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:google-guice-0:4.1-11.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:guava20-0:20.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-0:1.16-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:hawtjni-runtime-0:1.16-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-client-0:4.5.5-4.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:httpcomponents-core-0:4.4.10-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-0:1.17.1-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.ppc64le", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jansi-native-0:1.7-7.module+el8+2452+b359bfcd.x86_64", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jboss-interceptors-1.2-api-0:1.0.0-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jcl-over-slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:jsoup-0:1.11.3-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-1:3.5.4-5.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-lib-1:3.5.4-5.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-1:1.1.1-2.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-api-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-connector-basic-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-impl-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-spi-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-transport-wagon-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-resolver-util-1:1.1.1-2.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-shared-utils-0:3.2.1-0.2.module+el8.1.0+15171+4eab2c6b.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-0:3.1.0-1.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-file-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-http-shared-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:maven-wagon-provider-api-0:3.1.0-1.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-cipher-0:1.7-14.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-classworlds-0:2.5.2-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-0:1.7.1-8.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-containers-component-annotations-0:1.7.1-8.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-interpolation-0:1.22-9.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-sec-dispatcher-0:1.4-26.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:plexus-utils-0:3.1.0-3.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-1:0.3.3-6.module+el8+2452+b359bfcd.src", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-inject-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:sisu-plexus-1:0.3.3-6.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.noarch", "AppStream-8.1.0.Z.E4S:maven:3.5:8010020220428105208:6ece90b1:slf4j-0:1.7.25-4.module+el8+2452+b359bfcd.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" } ] }
rhsa-2023_7288
Vulnerability from csaf_redhat
Published
2023-11-16 05:58
Modified
2024-11-21 21:50
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update
Notes
Topic
An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. \n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:7288", "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7288.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update", "tracking": { "current_release_date": "2024-11-21T21:50:51+00:00", "generator": { "date": "2024-11-21T21:50:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:7288", "initial_release_date": "2023-11-16T05:58:26+00:00", "revision_history": [ { "date": "2023-11-16T05:58:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-16T05:58:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:50:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.14", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.14::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1699356615-3.el8.src", "product": { "name": "jenkins-0:2.414.3.1699356615-3.el8.src", "product_id": "jenkins-0:2.414.3.1699356615-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1699356615-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.src", "product_id": "jenkins-2-plugins-0:4.14.1699356715-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1699356715-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1699356615-3.el8.noarch", "product": { "name": "jenkins-0:2.414.3.1699356615-3.el8.noarch", "product_id": "jenkins-0:2.414.3.1699356615-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1699356615-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.14.1699356715-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1699356615-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch" }, "product_reference": "jenkins-0:2.414.3.1699356615-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1699356615-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" }, "product_reference": "jenkins-0:2.414.3.1699356615-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.14" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.14.1699356715-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.14", "product_id": "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.14.1699356715-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.14" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-16T05:58:26+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:7288" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-0:2.414.3.1699356615-3.el8.src", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.noarch", "8Base-OCP-Tools-4.14:jenkins-2-plugins-0:4.14.1699356715-1.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
rhsa-2023_6179
Vulnerability from csaf_redhat
Published
2023-10-30 13:03
Modified
2024-11-21 21:48
Summary
Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)
* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)\n\n* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6179", "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6179.json" } ], "title": "Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update", "tracking": { "current_release_date": "2024-11-21T21:48:52+00:00", "generator": { "date": "2024-11-21T21:48:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:6179", "initial_release_date": "2023-10-30T13:03:06+00:00", "revision_history": [ { "date": "2023-10-30T13:03:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-30T13:03:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-21T21:48:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.13", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698292201-3.el8.src", "product": { "name": "jenkins-0:2.414.3.1698292201-3.el8.src", "product_id": "jenkins-0:2.414.3.1698292201-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698292201-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.src", "product_id": "jenkins-2-plugins-0:4.13.1698292274-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1698292274-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.414.3.1698292201-3.el8.noarch", "product": { "name": "jenkins-0:2.414.3.1698292201-3.el8.noarch", "product_id": "jenkins-0:2.414.3.1698292201-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.414.3.1698292201-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1698292274-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698292201-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch" }, "product_reference": "jenkins-0:2.414.3.1698292201-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.414.3.1698292201-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" }, "product_reference": "jenkins-0:2.414.3.1698292201-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1698292274-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.13.1698292274-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-25857", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-09-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2126789" } ], "notes": [ { "category": "description", "text": "A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service (DoS) due to missing nested depth limitation for collections.", "title": "Vulnerability description" }, { "category": "summary", "text": "snakeyaml: Denial of Service due to missing nested depth limitation for collections", "title": "Vulnerability summary" }, { "category": "other", "text": "For RHEL-8 it\u0027s downgraded to moderate because \"snakeyaml\" itself in RHEL 8 or RHEL-9 isn\u0027t shipped and \"prometheus-jmx-exporter\" is needed as build dependency. And it\u0027s not directly exploitable, hence severity marked as moderate.\nRed Hat Integration and AMQ products are not vulnerable to this flaw, so their severity has been lowered to moderate.\nRed Hat Single Sign-On uses snakeyaml from liquibase-core and is only used when performing migrations and would require administrator privileges to execute, hence severity marked as Low.\nRed Hat Fuse 7 is now in Maintenance Support Phase and details about its fix should be present soon. However, Red Hat Fuse Online (Syndesis) does will not contain the fix for this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25857" }, { "category": "external", "summary": "RHBZ#2126789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25857" }, { "category": "external", "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525", "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/525" } ], "release_date": "2022-08-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "snakeyaml: Denial of Service due to missing nested depth limitation for collections" }, { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25761", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170039" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources processed by the plugin.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25761" }, { "category": "external", "summary": "RHBZ#2170039", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170039" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25761", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25761" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25761" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3032" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin" }, { "cve": "CVE-2023-25762", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170041" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins pipeline-build-step plugin. Affected versions of the pipeline-build-step plugin do not escape job names in a JavaScript expression used in the Pipeline Snippet Generator. This can result in a stored cross-site scripting (XSS) vulnerability that may allow attackers to control job names.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support, therefore, the OpenShift 3.11 Jenkins component is marked as out of support scope in this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25762" }, { "category": "external", "summary": "RHBZ#2170041", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170041" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25762" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25762" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019", "url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-3019" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin" }, { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2243296" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-39325" }, { "category": "external", "summary": "RHBZ#2243296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2023-44487", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "category": "workaround", "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-30T13:03:06+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6179" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1698292274-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.414.3.1698292201-3.el8.src" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
rhsa-2023_3622
Vulnerability from csaf_redhat
Published
2023-06-15 09:03
Modified
2024-11-15 13:35
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)
* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* Jenkins plugin: CSRF vulnerability in Blue Ocean Plugin (CVE-2022-30953)\n\n* Jenkins plugin: missing permission checks in Blue Ocean Plugin (CVE-2022-30954)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3622", "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html", "url": "https://docs.openshift.com/container-platform/4.13/cicd/jenkins/important-changes-to-openshift-jenkins-images.html" }, { "category": "external", "summary": "2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3622.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T13:35:07+00:00", "generator": { "date": "2024-11-15T13:35:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3622", "initial_release_date": "2023-06-15T09:03:50+00:00", "revision_history": [ { "date": "2023-06-15T09:03:50+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-15T09:03:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:35:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.13", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.13::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686680404-3.el8.src", "product": { "name": "jenkins-0:2.401.1.1686680404-3.el8.src", "product_id": "jenkins-0:2.401.1.1686680404-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", "product_id": "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686680404-3.el8.noarch", "product": { "name": "jenkins-0:2.401.1.1686680404-3.el8.noarch", "product_id": "jenkins-0:2.401.1.1686680404-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686680404-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.13.1686680473-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686680404-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch" }, "product_reference": "jenkins-0:2.401.1.1686680404-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686680404-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" }, "product_reference": "jenkins-0:2.401.1.1686680404-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.13" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.13.1686680473-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.13", "product_id": "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.13.1686680473-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.13" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "discovery_date": "2022-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2066479" } ], "notes": [ { "category": "description", "text": "A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "maven-shared-utils: Command injection via Commandline class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite ships Candlepin component, which uses the Tomcatjss module from the RHEL AppStream repository. In turn, Tomcatjss relies on Maven, which itself depends on affected Apache Maven Shared Utils. Due to the fact that Satellite does not directly use Apache Maven Shared Utils, or expose it in its code, it is considered not affected by the flaw. Satellite customers can resolve the security warning by updating to the fixed Apache Maven Shared Utils through the updated Maven module, which is available in the RHEL 8 AppStream repository. It\u0027s worth noting that this solution applies solely to RHEL 8, which supports modules exclusively, and it is not applicable to earlier versions including RHEL 7.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-29599" }, { "category": "external", "summary": "RHBZ#2066479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066479" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" } ], "release_date": "2020-05-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "maven-shared-utils: Command injection via Commandline class" }, { "cve": "CVE-2022-30953", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119646" } ], "notes": [ { "category": "description", "text": "A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: CSRF vulnerability in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30953" }, { "category": "external", "summary": "RHBZ#2119646", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119646" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30953", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30953" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30953" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: CSRF vulnerability in Blue Ocean Plugin" }, { "cve": "CVE-2022-30954", "cwe": { "id": "CWE-862", "name": "Missing Authorization" }, "discovery_date": "2022-08-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2119647" } ], "notes": [ { "category": "description", "text": "Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.", "title": "Vulnerability description" }, { "category": "summary", "text": "plugin: missing permission checks in Blue Ocean Plugin", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30954" }, { "category": "external", "summary": "RHBZ#2119647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119647" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30954", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30954" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30954" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502", "url": "https://www.jenkins.io/security/advisory/2022-05-17/#SECURITY-2502" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "plugin: missing permission checks in Blue Ocean Plugin" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-1436", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182788" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: Uncontrolled Recursion in JSONArray", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1436" }, { "category": "external", "summary": "RHBZ#2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: Uncontrolled Recursion in JSONArray" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-20861", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180530" } ], "notes": [ { "category": "description", "text": "A flaw found was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Spring Expression DoS Vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20861" }, { "category": "external", "summary": "RHBZ#2180530", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180530" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20861", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20861" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: Spring Expression DoS Vulnerability" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-2-plugins-0:4.13.1686680473-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-15T09:03:50+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3622" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.noarch", "8Base-OCP-Tools-4.13:jenkins-0:2.401.1.1686680404-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" } ] }
ghsa-rhgr-952r-6p8q
Vulnerability from github
Published
2022-05-24 00:01
Modified
2022-09-08 14:20
Severity ?
Summary
Command injection in Apache Maven maven-shared-utils
Details
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.maven.shared:maven-shared-utils" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.3.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-29599" ], "database_specific": { "cwe_ids": [ "CWE-116", "CWE-77" ], "github_reviewed": true, "github_reviewed_at": "2022-05-25T22:39:47Z", "nvd_published_at": "2022-05-23T11:16:00Z", "severity": "CRITICAL" }, "details": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "id": "GHSA-rhgr-952r-6p8q", "modified": "2022-09-08T14:20:02Z", "published": "2022-05-24T00:01:49Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29599" }, { "type": "WEB", "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "type": "PACKAGE", "url": "https://github.com/apache/maven-shared-utils" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "type": "WEB", "url": "https://www.debian.org/security/2022/dsa-5242" }, { "type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Command injection in Apache Maven maven-shared-utils" }
wid-sec-w-2023-1016
Vulnerability from csaf_certbund
Published
2023-04-18 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1016 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1016.json" }, { "category": "self", "summary": "WID-SEC-2023-1016 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1016" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2023 - Appendix Oracle Fusion Middleware vom 2023-04-18", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixFMW" }, { "category": "external", "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23", "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=" } ], "source_lang": "en-US", "title": "Oracle Fusion Middleware: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-26T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:24:31.957+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1016", "initial_release_date": "2023-04-18T22:00:00.000+00:00", "revision_history": [ { "date": "2023-04-18T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-26T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Dell aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.3.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.3.0", "product_id": "618028", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.4.0", "product_id": "751674", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 14.1.1.0.0", "product": { "name": "Oracle Fusion Middleware 14.1.1.0.0", "product_id": "829576", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 8.5.6", "product": { "name": "Oracle Fusion Middleware 8.5.6", "product_id": "T024993", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6" } } } ], "category": "product_name", "name": "Fusion Middleware" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-22899", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-22899" }, { "cve": "CVE-2023-21996", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21996" }, { "cve": "CVE-2023-21979", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21979" }, { "cve": "CVE-2023-21964", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21964" }, { "cve": "CVE-2023-21960", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21960" }, { "cve": "CVE-2023-21956", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21956" }, { "cve": "CVE-2023-21931", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2023-21931" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-45693", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-45693" }, { "cve": "CVE-2022-45685", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-45685" }, { "cve": "CVE-2022-45047", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-45047" }, { "cve": "CVE-2022-43551", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-43551" }, { "cve": "CVE-2022-42890", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-42890" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-36033", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-36033" }, { "cve": "CVE-2022-34305", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-34305" }, { "cve": "CVE-2022-33980", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-33980" }, { "cve": "CVE-2022-31160", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-31160" }, { "cve": "CVE-2022-29599", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-29599" }, { "cve": "CVE-2022-22965", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2022-22965" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-36090", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-36090" }, { "cve": "CVE-2021-34798", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-34798" }, { "cve": "CVE-2021-31684", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-31684" }, { "cve": "CVE-2021-22569", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2021-22569" }, { "cve": "CVE-2020-6950", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-6950" }, { "cve": "CVE-2020-25638", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-25638" }, { "cve": "CVE-2020-13954", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2020-13954" }, { "cve": "CVE-2019-20916", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2019-20916" }, { "cve": "CVE-2018-14371", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-04-18T22:00:00Z", "title": "CVE-2018-14371" } ] }
wid-sec-w-2023-2674
Vulnerability from csaf_certbund
Published
2023-10-17 22:00
Modified
2023-12-26 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2674 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2674.json" }, { "category": "self", "summary": "WID-SEC-2023-2674 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2674" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - October 2023 - Appendix Oracle Fusion Middleware vom 2023-10-17", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html#AppendixFMW" }, { "category": "external", "summary": "Dell Security Advisory DSA-2023-409 vom 2023-12-23", "url": "https://www.dell.com/support/kbdoc/000220669/dsa-2023-=" } ], "source_lang": "en-US", "title": "Oracle Fusion Middleware: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-26T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:48:08.851+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2674", "initial_release_date": "2023-10-17T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-17T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-26T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Dell aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.3.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.3.0", "product_id": "618028", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.3.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 12.2.1.4.0", "product": { "name": "Oracle Fusion Middleware 12.2.1.4.0", "product_id": "751674", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:12.2.1.4.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 14.1.1.0.0", "product": { "name": "Oracle Fusion Middleware 14.1.1.0.0", "product_id": "829576", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:14.1.1.0.0" } } }, { "category": "product_name", "name": "Oracle Fusion Middleware 8.5.6", "product": { "name": "Oracle Fusion Middleware 8.5.6", "product_id": "T024993", "product_identification_helper": { "cpe": "cpe:/a:oracle:fusion_middleware:8.5.6" } } } ], "category": "product_name", "name": "Fusion Middleware" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39022", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-39022" }, { "cve": "CVE-2023-35887", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-35887" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-28708", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-28708" }, { "cve": "CVE-2023-28484", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-28484" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-22127", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22127" }, { "cve": "CVE-2023-22126", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22126" }, { "cve": "CVE-2023-22108", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22108" }, { "cve": "CVE-2023-22101", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22101" }, { "cve": "CVE-2023-22089", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22089" }, { "cve": "CVE-2023-22086", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22086" }, { "cve": "CVE-2023-22072", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22072" }, { "cve": "CVE-2023-22069", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22069" }, { "cve": "CVE-2023-22019", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-22019" }, { "cve": "CVE-2023-20863", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-20863" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2022-45690", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-45690" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-44729", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-44729" }, { "cve": "CVE-2022-42920", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-42920" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-29599", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-29599" }, { "cve": "CVE-2022-29546", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-29546" }, { "cve": "CVE-2022-24839", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-24839" }, { "cve": "CVE-2022-23491", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2022-23491" }, { "cve": "CVE-2021-37714", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-37714" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2019-10086", "notes": [ { "category": "description", "text": "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"HIGH\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" \u00fcber alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" f\u00fcr die Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T024993", "618028", "751674", "829576" ] }, "release_date": "2023-10-17T22:00:00Z", "title": "CVE-2019-10086" } ] }
wid-sec-w-2022-0007
Vulnerability from csaf_certbund
Published
2022-04-26 22:00
Modified
2024-02-11 23:00
Summary
Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0007 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0007.json" }, { "category": "self", "summary": "WID-SEC-2022-0007 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0007" }, { "category": "external", "summary": "Red Hat Security Advisory vom 2022-04-26", "url": "https://access.redhat.com/errata/RHSA-2022:1541" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-1541 vom 2022-04-30", "url": "http://linux.oracle.com/errata/ELSA-2022-1541.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:1662 vom 2022-05-02", "url": "https://access.redhat.com/errata/RHSA-2022:1662" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS2-2022-1794 vom 2022-05-05", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1794.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-060 vom 2022-05-06", "url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-060.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:4699 vom 2022-05-23", "url": "https://access.redhat.com/errata/RHSA-2022:4699" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:4798 vom 2022-05-30", "url": "https://access.redhat.com/errata/RHSA-2022:4798" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:4797 vom 2022-05-30", "url": "https://access.redhat.com/errata/RHSA-2022:4797" }, { "category": "external", "summary": "AVAYA Security Advisory ASA-2022-077 vom 2022-05-31", "url": "https://downloads.avaya.com/css/P8/documents/101082095" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-4798 vom 2022-06-02", "url": "http://linux.oracle.com/errata/ELSA-2022-4798.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-4797 vom 2022-06-02", "url": "http://linux.oracle.com/errata/ELSA-2022-4797.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3059 vom 2022-06-29", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00022.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3086 vom 2022-08-29", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:9098 vom 2023-01-04", "url": "https://access.redhat.com/errata/RHSA-2022:9098" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0574 vom 2023-02-09", "url": "https://access.redhat.com/errata/RHSA-2023:0574" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0573 vom 2023-02-10", "url": "https://access.redhat.com/errata/RHSA-2023:0573" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15", "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0776 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0776" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0777 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0777" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0778" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0775" } ], "source_lang": "en-US", "title": "Red Hat Enterprise Linux: Schwachstelle erm\u00f6glicht Codeausf\u00fchrung", "tracking": { "current_release_date": "2024-02-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:44:43.753+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0007", "initial_release_date": "2022-04-26T22:00:00.000+00:00", "revision_history": [ { "date": "2022-04-26T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-05-01T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-05-05T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-05-08T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2022-05-23T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-05-30T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-06-01T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von AVAYA aufgenommen" }, { "date": "2022-06-02T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2022-06-29T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-08-29T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-01-04T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-01-16T23:00:00.000+00:00", "number": "12", "summary": "Korrektur" }, { "date": "2023-02-09T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-15T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-11T23:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Avaya Aura Application Enablement Services", "product": { "name": "Avaya Aura Application Enablement Services", "product_id": "T015516", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_application_enablement_services:-" } } }, { "category": "product_name", "name": "Avaya Aura Communication Manager", "product": { "name": "Avaya Aura Communication Manager", "product_id": "T015126", "product_identification_helper": { "cpe": "cpe:/a:avaya:communication_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura Experience Portal", "product": { "name": "Avaya Aura Experience Portal", "product_id": "T015519", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_experience_portal:-" } } }, { "category": "product_name", "name": "Avaya Aura Session Manager", "product": { "name": "Avaya Aura Session Manager", "product_id": "T015127", "product_identification_helper": { "cpe": "cpe:/a:avaya:session_manager:-" } } }, { "category": "product_name", "name": "Avaya Aura System Manager", "product": { "name": "Avaya Aura System Manager", "product_id": "T015518", "product_identification_helper": { "cpe": "cpe:/a:avaya:aura_system_manager:-" } } } ], "category": "vendor", "name": "Avaya" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_version", "name": "7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "T007627", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7" } } } ], "category": "product_name", "name": "Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "T025742", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.10" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-29599", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux. Der Fehler besteht aufgrund einer unsachgem\u00e4\u00dfen Neutralisierung von speziellen Elementen, die in einem Befehl in der Komponente maven-shared-utils verwendet werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Befehle \u00fcber die Befehlszeilenklasse einzuschleusen." } ], "product_status": { "known_affected": [ "T015519", "T015518", "2951", "67646", "T015516", "T015127", "T007627", "398363", "T015126", "T025742", "T004914" ] }, "release_date": "2022-04-26T22:00:00Z", "title": "CVE-2022-29599" } ] }
gsd-2022-29599
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2022-29599", "description": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "id": "GSD-2022-29599", "references": [ "https://access.redhat.com/errata/RHSA-2022:1541", "https://www.suse.com/security/cve/CVE-2022-29599.html", "https://security.archlinux.org/CVE-2022-29599", "https://linux.oracle.com/cve/CVE-2022-29599.html", "https://access.redhat.com/errata/RHSA-2022:1662", "https://access.redhat.com/errata/RHSA-2022:4699", "https://access.redhat.com/errata/RHSA-2022:4797", "https://access.redhat.com/errata/RHSA-2022:4798", "https://www.debian.org/security/2022/dsa-5242", "https://access.redhat.com/errata/RHSA-2022:9098", "https://access.redhat.com/errata/RHSA-2023:0573" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2022-29599" ], "details": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "id": "GSD-2022-29599", "modified": "2023-12-13T01:19:41.693162Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-29599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Maven", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "maven-shared-utils", "version_value": "3.3.3" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-116", "lang": "eng", "value": "CWE-116 Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://issues.apache.org/jira/browse/MSHARED-297", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "name": "https://github.com/apache/maven-shared-utils/pull/40", "refsource": "MISC", "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "name": "http://www.openwall.com/lists/oss-security/2022/05/23/3", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "name": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "name": "https://www.debian.org/security/2022/dsa-5242", "refsource": "MISC", "url": "https://www.debian.org/security/2022/dsa-5242" } ] }, "source": { "defect": [ "MSHARED-297" ], "discovery": "UNKNOWN" } }, "gitlab.com": { "advisories": [ { "affected_range": "(,3.3.3)", "affected_versions": "All versions before 3.3.3", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-116", "CWE-937" ], "date": "2023-06-28", "description": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.", "fixed_versions": [ "3.3.3" ], "identifier": "CVE-2022-29599", "identifiers": [ "CVE-2022-29599", "GHSA-rhgr-952r-6p8q" ], "not_impacted": "All versions starting from 3.3.3", "package_slug": "maven/org.apache.maven.shared/maven-shared-utils", "pubdate": "2022-05-23", "solution": "Upgrade to version 3.3.3 or above.", "title": "Command injection in Apache Maven maven-shared-utils", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-29599", "https://github.com/apache/maven-shared-utils/pull/40", "https://issues.apache.org/jira/browse/MSHARED-297", "http://www.openwall.com/lists/oss-security/2022/05/23/3", "https://github.com/advisories/GHSA-rhgr-952r-6p8q" ], "uuid": "cb4e20a5-ae4f-4527-8aa5-f702fb50ece0" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:maven_shared_utils:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2022-29599" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-116" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/apache/maven-shared-utils/pull/40", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/apache/maven-shared-utils/pull/40" }, { "name": "https://issues.apache.org/jira/browse/MSHARED-297", "refsource": "MISC", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://issues.apache.org/jira/browse/MSHARED-297" }, { "name": "[oss-security] 20220523 CVE-2022-29599: Apache Maven: Commandline class shell injection vulnerabilities", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/05/23/3" }, { "name": "[debian-lts-announce] 20220829 [SECURITY] [DLA 3086-1] maven-shared-utils security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00018.html" }, { "name": "DSA-5242", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5242" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2023-09-28T09:15Z", "publishedDate": "2022-05-23T11:16Z" } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.