Action not permitted
Modal body text goes here.
cve-2022-30123
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | https://github.com/rack/rack |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:40:47.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-18" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/rack/rack", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.0.9.1, 2.1.4.1, 2.2.3.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-150", "description": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-08T22:06:15.677017", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-18" }, { "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-30123", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-05-02T00:00:00", "dateUpdated": "2024-08-03T06:40:47.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-30123\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-12-05T22:15:10.280\",\"lastModified\":\"2023-12-08T22:15:07.257\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de inyecci\u00f3n de secuencia en Rack \u0026lt;2.0.9.1, \u0026lt;2.1.4.1 y \u0026lt;2.2.3.1 que podr\u00eda permitir un posible escape de shell en los componentes Lint y CommonLogger de Rack.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]},{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-150\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.9.1\",\"matchCriteriaId\":\"47D52179-BB26-40C6-95F0-4466A962CF91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.1.0\",\"versionEndExcluding\":\"2.1.4.1\",\"matchCriteriaId\":\"32E774AF-E7BB-45EB-B5E4-66F8F5D36285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.2.0\",\"versionEndExcluding\":\"2.2.3.1\",\"matchCriteriaId\":\"6145EE1D-85D5-4744-BA51-88EC52FF2891\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202310-18\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231208-0011/\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5530\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2022-0262
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Ruby ist eine interpretierte, objektorientierte Skriptsprache.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Ruby ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder beliebigen Programmcode auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-0262 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0262.json" }, { "category": "self", "summary": "WID-SEC-2022-0262 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0262" }, { "category": "external", "summary": "Gentoo Linux Security Advisory GLSA-202310-18 vom 2023-10-30", "url": "https://www.cybersecurity-help.cz/vdb/SB2023103029" }, { "category": "external", "summary": "Debian Security Advisory DSA-5530 vom 2023-10-22", "url": "https://lists.debian.org/debian-security-announce/2023/msg00226.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3566 vom 2023-09-13", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00012.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28", "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "external", "summary": "Ubuntu Security Notice USN-5896-1 vom 2023-02-27", "url": "https://ubuntu.com/security/notices/USN-5896-1" }, { "category": "external", "summary": "Ruby on Rails Release Notes vom 2022-06-09", "url": "https://discuss.rubyonrails.org/t/cve-2022-32209-possible-xss-vulnerability-in-rails-sanitizer/80800" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2192-1 vom 2022-06-27", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-June/011366.html" }, { "category": "external", "summary": "PoC vom 2022-07-07", "url": "https://hackerone.com/reports/1530898" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2526-1 vom 2022-07-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011630.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2870-1 vom 2022-08-23", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011964.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2022:2885-1 vom 2022-08-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011985.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3095 vom 2022-09-04", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00004.html" }, { "category": "external", "summary": "HCL Article KB0100982 vom 2022-10-12", "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0100982" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:7343 vom 2022-11-02", "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2022-7343 vom 2022-11-03", "url": "https://linux.oracle.com/errata/ELSA-2022-7343.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8506 vom 2022-11-16", "url": "https://access.redhat.com/errata/RHSA-2022:8506" }, { "category": "external", "summary": "Debian Security Advisory DLA-3227 vom 2022-12-06", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2022-1895 vom 2022-12-07", "url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1895.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:0632 vom 2023-02-15", "url": "https://access.redhat.com/errata/RHSA-2023:0632" } ], "source_lang": "en-US", "title": "Ruby: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-29T23:00:00.000+00:00", "generator": { "date": "2024-02-15T16:47:46.811+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2022-0262", "initial_release_date": "2022-06-09T22:00:00.000+00:00", "revision_history": [ { "date": "2022-06-09T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2022-06-27T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-07-06T22:00:00.000+00:00", "number": "3", "summary": "PoC f\u00fcr Schwachstelle CVE-2022-32209 hinzugef\u00fcgt" }, { "date": "2022-07-24T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-08-22T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-08-24T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2022-09-04T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2022-10-12T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von HCL aufgenommen" }, { "date": "2022-11-02T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen" }, { "date": "2022-11-16T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2022-12-06T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Debian und Amazon aufgenommen" }, { "date": "2023-02-15T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-02-27T23:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2023-03-27T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-09-13T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-10-22T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2023-10-29T23:00:00.000+00:00", "number": "17", "summary": "Neue Updates von Gentoo aufgenommen" } ], "status": "final", "version": "17" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Gentoo Linux", "product": { "name": "Gentoo Linux", "product_id": "T012167", "product_identification_helper": { "cpe": "cpe:/o:gentoo:linux:-" } } } ], "category": "vendor", "name": "Gentoo" }, { "branches": [ { "category": "product_name", "name": "HCL BigFix \u003c 10.0.10.0", "product": { "name": "HCL BigFix \u003c 10.0.10.0", "product_id": "T024886", "product_identification_helper": { "cpe": "cpe:/a:hcltech:bigfix:10.0.10.0" } } } ], "category": "vendor", "name": "HCL" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Ruby \u003c v1.4.3", "product": { "name": "Open Source Ruby \u003c v1.4.3", "product_id": "T023449", "product_identification_helper": { "cpe": "cpe:/a:ruby-lang:ruby:v1.4.3" } } }, { "category": "product_name", "name": "Open Source Ruby \u003c 2.0.9.1", "product": { "name": "Open Source Ruby \u003c 2.0.9.1", "product_id": "T023450", "product_identification_helper": { "cpe": "cpe:/a:ruby-lang:ruby:2.0.9.1" } } }, { "category": "product_name", "name": "Open Source Ruby \u003c 2.1.4.1", "product": { "name": "Open Source Ruby \u003c 2.1.4.1", "product_id": "T023451", "product_identification_helper": { "cpe": "cpe:/a:ruby-lang:ruby:2.1.4.1" } } }, { "category": "product_name", "name": "Open Source Ruby \u003c 2.2.3.1", "product": { "name": "Open Source Ruby \u003c 2.2.3.1", "product_id": "T023452", "product_identification_helper": { "cpe": "cpe:/a:ruby-lang:ruby:2.2.3.1" } } } ], "category": "product_name", "name": "Ruby" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-30122", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Ruby. Der Fehler besteht in der Multiparser-Funktion der Komponente \"Rack\". Mithilfe eines speziellen Post-Requests kann diese Schawchstelle ausgenutzt werden, was zu einer langen Verarbeitung f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T024886", "T000126", "398363", "T012167", "T004914" ] }, "release_date": "2022-06-09T22:00:00Z", "title": "CVE-2022-30122" }, { "cve": "CVE-2022-30123", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Ruby. Der Fehler besteht in der Komponente \"Rack\" und erm\u00f6glicht es mithilfe von speziellen Requests Befehle auf dem Terminal des Opfers auszuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T024886", "T000126", "398363", "T012167", "T004914" ] }, "release_date": "2022-06-09T22:00:00Z", "title": "CVE-2022-30123" }, { "cve": "CVE-2022-32209", "notes": [ { "category": "description", "text": "In Ruby existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden in \"Rails::Html::Sanitizer\" nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T024886", "T000126", "398363", "T012167", "T004914" ] }, "release_date": "2022-06-09T22:00:00Z", "title": "CVE-2022-32209" } ] }
wid-sec-w-2023-1737
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in verschiedenen Juniper Produkten ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern.", "title": "Angriff" }, { "category": "general", "text": "- BIOS/Firmware", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1737 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1737.json" }, { "category": "self", "summary": "WID-SEC-2023-1737 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1737" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71656" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71659" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71653" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71650" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71660" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71655" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71647" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71643" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71642" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71651" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71640" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71661" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71639" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71662" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71645" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71641" }, { "category": "external", "summary": "Juniper Security Advisory vom 2023-07-12", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA71636" } ], "source_lang": "en-US", "title": "Juniper Patchday Juli 2023", "tracking": { "current_release_date": "2023-07-12T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:36:20.142+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1737", "initial_release_date": "2023-07-12T22:00:00.000+00:00", "revision_history": [ { "date": "2023-07-12T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "5930", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } }, { "category": "product_name", "name": "Juniper JUNOS Evolved", "product": { "name": "Juniper JUNOS Evolved", "product_id": "T018886", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:evolved" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX10001-36MR", "product": { "name": "Juniper JUNOS PTX10001-36MR", "product_id": "T028577", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx10001-36mr" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX10004", "product": { "name": "Juniper JUNOS PTX10004", "product_id": "T028578", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx10004" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX10008", "product": { "name": "Juniper JUNOS PTX10008", "product_id": "T028579", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx10008" } } }, { "category": "product_name", "name": "Juniper JUNOS PTX10016", "product": { "name": "Juniper JUNOS PTX10016", "product_id": "T028580", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:ptx10016" } } }, { "category": "product_name", "name": "Juniper JUNOS Contrail Cloud", "product": { "name": "Juniper JUNOS Contrail Cloud", "product_id": "T028581", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:contrail_cloud" } } }, { "category": "product_name", "name": "Juniper JUNOS Space", "product": { "name": "Juniper JUNOS Space", "product_id": "T028582", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:space" } } } ], "category": "product_name", "name": "JUNOS" }, { "category": "product_name", "name": "Juniper MX Series", "product": { "name": "Juniper MX Series", "product_id": "918766", "product_identification_helper": { "cpe": "cpe:/h:juniper:mx:-" } } }, { "category": "product_name", "name": "Juniper QFX Series 10000", "product": { "name": "Juniper QFX Series 10000", "product_id": "T027256", "product_identification_helper": { "cpe": "cpe:/h:juniper:qfx:qfx10000" } } }, { "branches": [ { "category": "product_name", "name": "Juniper SRX Series", "product": { "name": "Juniper SRX Series", "product_id": "T008011", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:-" } } }, { "category": "product_name", "name": "Juniper SRX Series 5000", "product": { "name": "Juniper SRX Series 5000", "product_id": "T025822", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:5000" } } }, { "category": "product_name", "name": "Juniper SRX Series 4600", "product": { "name": "Juniper SRX Series 4600", "product_id": "T028576", "product_identification_helper": { "cpe": "cpe:/h:juniper:srx_service_gateways:4600" } } } ], "category": "product_name", "name": "SRX Series" } ], "category": "vendor", "name": "Juniper" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-36850", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36850" }, { "cve": "CVE-2023-36849", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36849" }, { "cve": "CVE-2023-36848", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36848" }, { "cve": "CVE-2023-36840", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36840" }, { "cve": "CVE-2023-36838", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36838" }, { "cve": "CVE-2023-36836", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36836" }, { "cve": "CVE-2023-36835", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36835" }, { "cve": "CVE-2023-36834", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36834" }, { "cve": "CVE-2023-36833", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36833" }, { "cve": "CVE-2023-36832", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36832" }, { "cve": "CVE-2023-36831", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-36831" }, { "cve": "CVE-2023-28985", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2023-28985" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-38023", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-38023" }, { "cve": "CVE-2022-3276", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-3276" }, { "cve": "CVE-2022-31629", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-31629" }, { "cve": "CVE-2022-31628", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-31628" }, { "cve": "CVE-2022-31627", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-31627" }, { "cve": "CVE-2022-31626", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-31626" }, { "cve": "CVE-2022-31625", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-31625" }, { "cve": "CVE-2022-30123", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-30123" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-23825", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2022-23825" }, { "cve": "CVE-2021-40085", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-40085" }, { "cve": "CVE-2021-26401", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-26401" }, { "cve": "CVE-2021-25220", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-25220" }, { "cve": "CVE-2021-21708", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21708" }, { "cve": "CVE-2021-21707", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21707" }, { "cve": "CVE-2021-21705", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21705" }, { "cve": "CVE-2021-21704", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21704" }, { "cve": "CVE-2021-21703", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21703" }, { "cve": "CVE-2021-21702", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2021-21702" }, { "cve": "CVE-2020-7071", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2020-7071" }, { "cve": "CVE-2020-13946", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2020-13946" }, { "cve": "CVE-2020-13817", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2020-13817" }, { "cve": "CVE-2020-11868", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2020-11868" }, { "cve": "CVE-2019-11358", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2019-11358" }, { "cve": "CVE-2017-7655", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2017-7655" }, { "cve": "CVE-2017-7654", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2017-7654" }, { "cve": "CVE-2017-7653", "notes": [ { "category": "description", "text": "Es existieren mehrere Schwachstellen in Juniper JUNOS, JUNOS Evolved, sowie JUNOS Space und zugeh\u00f6rigen Produkten. Dazu z\u00e4hlen SRX, MX, PTX, QFX, Contrail Cloud und mehrere Produkten von Drittanbietern wie PHP, jQuery, Openstack, sowie AMD- und Intel-Prozessoren. Sie werden u. a. durch unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfungen, Out-of-Bounds-Read, unsachgem\u00e4\u00dfe Validierungen, Use-after-free-Fehler und die Verwendung einer nicht initialisierten Ressource verursacht. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und seine Privilegien zu erweitern." } ], "product_status": { "known_affected": [ "T028581", "T028582", "T028580", "918766", "T018886", "T025822", "5930", "T028578", "T028579", "T027256", "T028576", "T028577", "T008011" ] }, "release_date": "2023-07-12T22:00:00Z", "title": "CVE-2017-7653" } ] }
ghsa-wq4h-7r42-5hrr
Vulnerability from github
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123.
Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1
Impact
Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.
Impacted applications will have either of these middleware installed, and vulnerable apps may have something like this:
use Rack::Lint
Or
use Rack::CommonLogger
All users running an affected release should either upgrade or use one of the workarounds immediately.
Workarounds
Remove these middleware from your application
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 2.0.9.0" }, "package": { "ecosystem": "RubyGems", "name": "rack" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.0.9.1" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.1.4.0" }, "package": { "ecosystem": "RubyGems", "name": "rack" }, "ranges": [ { "events": [ { "introduced": "2.1" }, { "fixed": "2.1.4.1" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 2.2.3.0" }, "package": { "ecosystem": "RubyGems", "name": "rack" }, "ranges": [ { "events": [ { "introduced": "2.2" }, { "fixed": "2.2.3.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-30123" ], "database_specific": { "cwe_ids": [ "CWE-150" ], "github_reviewed": true, "github_reviewed_at": "2022-05-27T16:36:51Z", "nvd_published_at": "2022-12-05T22:15:00Z", "severity": "CRITICAL" }, "details": "There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack. This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected: All.\nNot affected: None\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack\u0027s Lint middleware and CommonLogger middleware. These\nescape sequences can be leveraged to possibly execute commands in the victim\u0027s\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n", "id": "GHSA-wq4h-7r42-5hrr", "modified": "2022-12-07T14:37:27Z", "published": "2022-05-27T16:36:51Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123" }, { "type": "WEB", "url": "https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88" }, { "type": "WEB", "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "type": "PACKAGE", "url": "https://github.com/rack/rack" }, { "type": "WEB", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml" }, { "type": "WEB", "url": "https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202310-18" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20231208-0011" }, { "type": "WEB", "url": "https://www.debian.org/security/2023/dsa-5530" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Possible shell escape sequence injection vulnerability in Rack" }
rhsa-2022_7343
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for pcs is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:7343", "url": "https://access.redhat.com/errata/RHSA-2022:7343" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7343.json" } ], "title": "Red Hat Security Advisory: pcs security update", "tracking": { "current_release_date": "2024-11-22T20:32:30+00:00", "generator": { "date": "2024-11-22T20:32:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:7343", "initial_release_date": "2022-11-02T16:34:31+00:00", "revision_history": [ { "date": "2022-11-02T16:34:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-02T16:34:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T20:32:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Server High Availability (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product": { "name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:7::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.9.169-3.el7_9.3.src", "product": { "name": "pcs-0:0.9.169-3.el7_9.3.src", "product_id": "pcs-0:0.9.169-3.el7_9.3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.9.169-3.el7_9.3.x86_64", "product": { "name": "pcs-0:0.9.169-3.el7_9.3.x86_64", "product_id": "pcs-0:0.9.169-3.el7_9.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.3?arch=x86_64" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "product": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "product_id": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.3?arch=x86_64" } } }, { "category": "product_version", "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "product": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.9.169-3.el7_9.3.s390x", "product": { "name": "pcs-0:0.9.169-3.el7_9.3.s390x", "product_id": "pcs-0:0.9.169-3.el7_9.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.3?arch=s390x" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "product": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "product_id": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.3?arch=s390x" } } }, { "category": "product_version", "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "product": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.3?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.9.169-3.el7_9.3.ppc64le", "product": { "name": "pcs-0:0.9.169-3.el7_9.3.ppc64le", "product_id": "pcs-0:0.9.169-3.el7_9.3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.9.169-3.el7_9.3?arch=ppc64le" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "product": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "product_id": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.9.169-3.el7_9.3?arch=ppc64le" } } }, { "category": "product_version", "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "product": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "product_id": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.169-3.el7_9.3?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.src", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)", "product_id": "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-HighAvailability-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.src", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)", "product_id": "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" }, "product_reference": "pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "relates_to_product_reference": "7Server-ResilientStorage-7.9.Z" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { "category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-02T16:34:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. However, the vulnerability has not been found to be exploitable in reasonable scenarios. \n\nIn RHEL7, pcs-0.9.169-3.el7_9.3 [RHSA-2022:7343] contains an updated version of jquery (3.6.0), which does not contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-02T16:34:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" }, { "cve": "CVE-2022-30123", "cwe": { "id": "CWE-179", "name": "Incorrect Behavior Order: Early Validation" }, "discovery_date": "2022-06-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099524" } ], "notes": [ { "category": "description", "text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted requests can cause shell escape sequences", "title": "Vulnerability summary" }, { "category": "other", "text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30123" }, { "category": "external", "summary": "RHBZ#2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr", "url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-02T16:34:31+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:7343" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-HighAvailability-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-HighAvailability-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.src", "7Server-ResilientStorage-7.9.Z:pcs-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-debuginfo-0:0.9.169-3.el7_9.3.x86_64", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.ppc64le", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.s390x", "7Server-ResilientStorage-7.9.Z:pcs-snmp-0:0.9.169-3.el7_9.3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rubygem-rack: crafted requests can cause shell escape sequences" } ] }
rhsa-2023_0632
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for the Logging subsystem for Red Hat OpenShift 5.4.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Logging Subsystem 5.4.11 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:0632", "url": "https://access.redhat.com/errata/RHSA-2023:0632" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0632.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift (Logging Subsystem) security update", "tracking": { "current_release_date": "2024-11-24T20:42:52+00:00", "generator": { "date": "2024-11-24T20:42:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:0632", "initial_release_date": "2023-02-15T11:08:43+00:00", "revision_history": [ { "date": "2023-02-15T11:08:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-02-15T11:08:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T20:42:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOL 5.4 for RHEL 8", "product": { "name": "RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.4::el8" } } } ], "category": "product_family", "name": "logging for Red Hat OpenShift" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.11-6" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.4.11-10" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.4.11-18" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-337" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-282" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-291" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-76" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-51" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-328" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-61" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "product": { "name": "openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "product_id": "openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-74" } } }, { "category": "product_version", "name": "openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "product": { "name": "openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "product_id": "openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.4.11-26" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.11-10" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.11-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.11-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-337" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-282" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-291" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-76" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "product_id": "openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-51" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "product_id": "openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-328" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "product_id": "openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-61" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64", "product": { "name": "openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64", "product_id": "openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-74" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "product_id": "openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.11-10" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.11-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.11-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-337" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-282" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-291" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-76" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-51" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-328" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "product_id": "openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-61" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "product": { "name": "openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "product_id": "openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-74" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "product_id": "openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.11-10" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.11-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.4.11-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-337" } } }, { "category": "product_version", "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "product": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "product_identification_helper": { "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-95" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-282" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-291" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-76" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.5-51" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-328" } } }, { "category": "product_version", "name": "openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "product": { "name": "openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "product_id": "openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.5.0-61" } } }, { "category": "product_version", "name": "openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "product": { "name": "openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "product_id": "openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.14-74" } } }, { "category": "product_version", "name": "openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "product": { "name": "openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "product_id": "openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "product_identification_helper": { "purl": "pkg:oci/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.4.11-3" } } }, { "category": "product_version", "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "product": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "product_identification_helper": { "purl": "pkg:oci/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v5.4.11-10" } } }, { "category": "product_version", "name": "openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "product": { "name": "openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "product_id": "openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v5.4.11-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le" }, "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64" }, "product_reference": "openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64" }, "product_reference": "openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64" }, "product_reference": "openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le" }, "product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64" }, "product_reference": "openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le" }, "product_reference": "openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x" }, "product_reference": "openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "relates_to_product_reference": "8Base-RHOL-5.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64 as a component of RHOL 5.4 for RHEL 8", "product_id": "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64" }, "product_reference": "openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64", "relates_to_product_reference": "8Base-RHOL-5.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-30123", "cwe": { "id": "CWE-179", "name": "Incorrect Behavior Order: Early Validation" }, "discovery_date": "2022-06-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099524" } ], "notes": [ { "category": "description", "text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted requests can cause shell escape sequences", "title": "Vulnerability summary" }, { "category": "other", "text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30123" }, { "category": "external", "summary": "RHBZ#2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr", "url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-15T11:08:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0632" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: crafted requests can cause shell escape sequences" }, { "cve": "CVE-2022-41717", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161274" } ], "notes": [ { "category": "description", "text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "title": "Vulnerability summary" }, { "category": "other", "text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le" ], "known_not_affected": [ "8Base-RHOL-5.4:openshift-logging/cluster-logging-operator-bundle@sha256:7ab5b5fc788cce18883243acbb5969bced246104636b250484c19c76dd4b93a6_amd64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:1b8bf87ec875fe41a66ea659a6b18c5e5659b316d45eea5ebdee33bae4ef81a1_s390x", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:2e002a48fad466ef0ec91bc70090c34d16cc9a13192b43bff5a8d26bad016b1d_ppc64le", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:6852056797fb71905807c327c6eb360ba8c21eaca7d6a56db3fdd40fb1ca8c91_arm64", "8Base-RHOL-5.4:openshift-logging/cluster-logging-rhel8-operator@sha256:b7d74ad5055cde7320b9584fab00b35790034b5946ab5e5b3bb91b9dd53ba5ac_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-operator-bundle@sha256:aab07bddd4f7f54fa89726a3d06c5fb46aa9949771d937fb26d01c6231868c51_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ac7eb6b479a554be15ab61e47d6d7ded410c1ec952d8754fa54f6f3eb16c8c6_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:119afbf853025bba3ed3a06e1ef5dbcc85520053110a9a32f0d19a7792d5ff90_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:361bb98599f559be65a59735307227ff4f80ef4e3ce242b2d09c13b1b3cc1e97_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-proxy-rhel8@sha256:6383da98645b90f488612d7b9f97de1306e8b1377d42da2c55d3645c051769cd_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:54366435c4fdc0ed60acd5be4b6332a902e04a4983bd11c56f43cb60154ad858_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:91c00457ac77689695a0a419dffeaa27f58a09838d20ba8555536d9aee85606f_amd64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:e2feda4d38877bf97f51e6f4d41c03752cabb24e483e508192696c1c6d073370_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch-rhel8-operator@sha256:f7b3d237c663055b328ecd74bcce5187adc19bdbe37d2fdd6da568a2160ddfce_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:233e1632804aaf594c5c9765411e64d88e27186e9d7df136c9b2722496dbb891_s390x", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:6e3b8c4326a16d1996d63d3139fa8da07f836adb7380eebfd43c04afb5cc8160_ppc64le", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:90882305ff4c797b77fc0017697f408385138e9f436f18ad3f9ede84e3ce8917_arm64", "8Base-RHOL-5.4:openshift-logging/elasticsearch6-rhel8@sha256:c7ba034800b2815df849b292f40bb32bd2e6bb5ba4c00a06dfce8bce521facc6_amd64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:288436122a88e3774ed1f67340701552853622ff3d7e93df79064aafc93793a5_arm64", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:74d8ac8e86c7117dd879f8dafdb8124786ae0939075da0c6c77e590ec7c2803e_s390x", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:de6ee66aac30df18e4fb9d34f316d1220af07bfc64d730eba8381a87f59630e7_ppc64le", "8Base-RHOL-5.4:openshift-logging/eventrouter-rhel8@sha256:ecdcab4b6b5192f87209973f9634937b05d3916e5a21fb3be4c75cf40cacaf74_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:3a02e2eb672689fc012b4276291c86aba80677edf88c6e1625e4679d994dc58d_ppc64le", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:5f8e825cb25b65b9b2060fa51d9a611eb4284d62942e119c7172903848bc6915_s390x", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:973980c7d40d620669fbc0886c53e7788578916b2799e03a3a7be9c411baefe1_amd64", "8Base-RHOL-5.4:openshift-logging/fluentd-rhel8@sha256:a4ac93c66ec44e8af3f1b2e7622b00f2c439b02defaa109fa52b1199af5d7036_arm64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:4843583ba145b008d4117bcf7f24f50d8c67bfa75df0e2b2ac33a76b0dbc79ed_s390x", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:5b5205024db71e94e77c0c284af593765685093cfa3e7cdbed1fb1ab1e239270_amd64", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:681183bd8845927e77c735a8baa89915e33895f24a2411b683a440ac2d8de077_ppc64le", "8Base-RHOL-5.4:openshift-logging/kibana6-rhel8@sha256:6c20722e93575354d264f7df0a7ad176ee0176966ec1da1be2bb8c5157c81364_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:2fc648617368a8be448ac85fed88c0701fe49975aea66d647739f91e44731065_arm64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:85e2db6e4785f510bd1a5ee0d032ff1cedaa8bace60a835795be1ca21783c6e6_amd64", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:989592f347cbca72cd3ac0331b385265d30320656ba79ceece673edd6bc7872d_s390x", "8Base-RHOL-5.4:openshift-logging/log-file-metric-exporter-rhel8@sha256:c013416d49d9d4e3741cbff5bde90d9a21009f5c6a3f8d7f05216255e7f49417_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:2dee63a8dada3bf1d446b4528e09d83dd79c6d6bebfc10dc509582335e00dd65_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:3efb8c753506ac2557bccc2d1500694e69bc43ac08ab41c3c4fdbc9f042e9135_s390x", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:85323d829ca949a9cd3d86b220caaeee3b59e518ec84d50d9eb29e5dbe0a67d6_amd64", "8Base-RHOL-5.4:openshift-logging/logging-curator5-rhel8@sha256:b864f913045f32c221b30e9739f0609cc2700474535060bb503429ddf360d59d_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:06ec44e3c6b906b6402327e7294515396f0c810741c3ba1e18f0c6b29f0853ce_ppc64le", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:3101b26acd72020ffe02b8f11fc2452f266159f1e7125118edda108a9503c29a_arm64", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:788bdc53fc2804979ef5de471175aaf572cdfd36a1ec0b1d0081073549e88f4b_s390x", "8Base-RHOL-5.4:openshift-logging/logging-loki-rhel8@sha256:da1a28456a58676270ec74f690c25e0d395304ba0c30f3c0e4ab08f32b6770a9_amd64", "8Base-RHOL-5.4:openshift-logging/loki-operator-bundle@sha256:36b7aca216180137eb518c35bba4e94d0260cbdbca6e26cfb4932d73d13f3401_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:421f77e65c0d8130c762883c25c5d00879e57266278100424d2693eb3946c1f0_amd64", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4a10b28997798c6da95190e2caca50b138f7508e52237e605c498858749b4c69_ppc64le", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:4ebc8fb1304dd719e276723cce2890776f57ebea7eb6764ba47f387165bec58e_s390x", "8Base-RHOL-5.4:openshift-logging/loki-rhel8-operator@sha256:68a49f41366b2ee519ccbc2dae949dc320622422b191c41a9792738f47bb0135_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:4ddc204cb788f6f9329e7dc56e3e7c7746c30a7c5a12bdfd3cb806362927d80a_ppc64le", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:77630523a3bd3d23af4d436dc0bd8d5758d24a86e99dbd0ef463a37bf6b87a56_arm64", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:9d1b1a47273693b873d25304426489fb6cc499c9dad1940c5fc4f7293a412819_s390x", "8Base-RHOL-5.4:openshift-logging/opa-openshift-rhel8@sha256:f68add80fc64f6957f087b025942005f3de5db2f832199a543da969ac4955903_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:09adf52069dbbf3fc7192e20eca1bdb0e6bc405836b4be47412fc568cf9f8319_amd64", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:c6d67b08190ee8f191a69ba12dc17a5be10c146f33b98ae0d1ba72b6c7f4d5eb_ppc64le", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:f98f732a7e82778aed2b0d0fb88a36d69e8cf2852d270d3e47e120b529a885d4_s390x", "8Base-RHOL-5.4:openshift-logging/vector-rhel8@sha256:fe020a4c315486f3e90534cdce69d336a1ee08289e9c0773a9100a593c98bea1_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41717" }, { "category": "external", "summary": "RHBZ#2161274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717" }, { "category": "external", "summary": "https://go.dev/cl/455635", "url": "https://go.dev/cl/455635" }, { "category": "external", "summary": "https://go.dev/cl/455717", "url": "https://go.dev/cl/455717" }, { "category": "external", "summary": "https://go.dev/issue/56350", "url": "https://go.dev/issue/56350" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2022-1144", "url": "https://pkg.go.dev/vuln/GO-2022-1144" } ], "release_date": "2022-11-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-02-15T11:08:43+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:0632" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:0461e5c960e044fe9eb89532d90af2c68c2577ab7599ff700077ba383a2c4b79_s390x", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:135fd57e3246485140a76d44db6a0337b51c7739af3a115002f898b54b2d56c8_arm64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:3afe1b2a3544970780e33d4df9e567e32150f19896be05caf5750eac77d646bd_amd64", "8Base-RHOL-5.4:openshift-logging/lokistack-gateway-rhel8@sha256:a188ec66929c398ade76abf680a9a7258e583f17b0ebb1580c8bbe4791f73012_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests" } ] }
rhsa-2023_1486
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1486", "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "2099519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519" }, { "category": "external", "summary": "2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2110551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json" } ], "title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update", "tracking": { "current_release_date": "2024-11-25T05:50:46+00:00", "generator": { "date": "2024-11-25T05:50:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1486", "initial_release_date": "2023-03-28T00:18:32+00:00", "revision_history": [ { "date": "2023-03-28T00:18:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-28T00:18:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T05:50:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7", "product": { "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration", "product_identification_helper": { "cpe": "cpe:/a:redhat:storage:3.5:wa:el7" } } } ], "category": "product_family", "name": "Red Hat Gluster Storage" }, { "branches": [ { "category": "product_version", "name": "grafana-0:5.2.4-6.el7rhgs.src", "product": { "name": "grafana-0:5.2.4-6.el7rhgs.src", "product_id": "grafana-0:5.2.4-6.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "python-django-0:1.11.27-4.el7rhgs.src", "product": { "name": "python-django-0:1.11.27-4.el7rhgs.src", "product_id": "python-django-0:1.11.27-4.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "ruby-0:2.4.9-94.el7rhgs.src", "product": { "name": "ruby-0:2.4.9-94.el7rhgs.src", "product_id": "ruby-0:2.4.9-94.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product": { "name": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product": { "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product": { "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product": { "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product": { "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product": { "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product": { "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product": { "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product": { "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product": { "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product": { "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product": { "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product": { "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product": { "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product": { "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product": { "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product": { "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product": { "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product": { "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product": { "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product": { "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product": { "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product": { "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product": { "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product": { "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product": { "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product": { "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product": { "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product": { "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product": { "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src" }, "product_reference": "grafana-0:5.2.4-6.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" }, "product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src" }, "product_reference": "python-django-0:1.11.27-4.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src" }, "product_reference": "ruby-0:2.4.9-94.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch" }, "product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch" }, "product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src" }, "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64" }, "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64" }, "product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch" }, "product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64" }, "product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch" }, "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src" }, "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch" }, "product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64" }, "product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch" }, "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src" }, "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch" }, "product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64" }, "product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64" }, "product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch" }, "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src" }, "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch" }, "product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64" }, "product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src" }, "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64" }, "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64" }, "product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch" }, "product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64" }, "product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64" }, "product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src" }, "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64" }, "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64" }, "product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" }, "product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src" }, "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch" }, "product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch" }, "product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch" }, "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src" }, "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch" }, "product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch" }, "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src" }, "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch" }, "product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch" }, "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src" }, "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" }, "product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch" }, "product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" }, "product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24790", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2071616" } ], "notes": [ { "category": "description", "text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "puma-5.6.4: http request smuggling vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24790" }, { "category": "external", "summary": "RHBZ#2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24790" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790" } ], "release_date": "2022-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "puma-5.6.4: http request smuggling vulnerabilities" }, { "cve": "CVE-2022-30122", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-06-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099519" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted multipart POST request may cause a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30122" }, { "category": "external", "summary": "RHBZ#2099519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30122" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122" }, { "category": "external", "summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: crafted multipart POST request may cause a DoS" }, { "cve": "CVE-2022-30123", "cwe": { "id": "CWE-179", "name": "Incorrect Behavior Order: Early Validation" }, "discovery_date": "2022-06-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099524" } ], "notes": [ { "category": "description", "text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted requests can cause shell escape sequences", "title": "Vulnerability summary" }, { "category": "other", "text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30123" }, { "category": "external", "summary": "RHBZ#2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr", "url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rubygem-rack: crafted requests can cause shell escape sequences" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-31163", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2022-07-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2110551" } ], "notes": [ { "category": "description", "text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-tzinfo: arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31163" }, { "category": "external", "summary": "RHBZ#2110551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163" }, { "category": "external", "summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", "url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx" } ], "release_date": "2022-07-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "workaround", "details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rubygem-tzinfo: arbitrary code execution" } ] }
gsd-2022-30123
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-30123", "id": "GSD-2022-30123", "references": [ "https://www.suse.com/security/cve/CVE-2022-30123.html", "https://advisories.mageia.org/CVE-2022-30123.html", "https://access.redhat.com/errata/RHSA-2022:7343", "https://access.redhat.com/errata/RHSA-2023:0632", "https://ubuntu.com/security/CVE-2022-30123" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "rack", "purl": "pkg:gem/rack" } } ], "aliases": [ "CVE-2022-30123", "GHSA-wq4h-7r42-5hrr" ], "details": "There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack. This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected: All.\nNot affected: None\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack\u0027s Lint middleware and CommonLogger middleware. These\nescape sequences can be leveraged to possibly execute commands in the victim\u0027s\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n", "id": "GSD-2022-30123", "modified": "2022-06-27T00:00:00.000Z", "published": "2022-06-27T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8" } ], "schema_version": "1.4.0", "severity": [ { "score": 10.0, "type": "CVSS_V3" } ], "summary": "Possible shell escape sequence injection vulnerability in Rack" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-30123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/rack/rack", "version": { "version_data": [ { "version_value": "2.0.9.1, 2.1.4.1, 2.2.3.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728", "refsource": "MISC", "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202310-18" }, { "name": "https://security.netapp.com/advisory/ntap-20231208-0011/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ] } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2022-30123", "cvss_v3": 10.0, "date": "2022-06-27", "description": "There is a possible shell escape sequence injection vulnerability in the Lint\nand CommonLogger components of Rack. This vulnerability has been assigned the\nCVE identifier CVE-2022-30123.\n\nVersions Affected: All.\nNot affected: None\nFixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1\n\n## Impact\nCarefully crafted requests can cause shell escape sequences to be written to\nthe terminal via Rack\u0027s Lint middleware and CommonLogger middleware. These\nescape sequences can be leveraged to possibly execute commands in the victim\u0027s\nterminal.\n\nImpacted applications will have either of these middleware installed, and\nvulnerable apps may have something like this:\n\n```\nuse Rack::Lint\n```\n\nOr\n\n```\nuse Rack::CommonLogger\n```\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\n## Workarounds\nRemove these middleware from your application\n", "gem": "rack", "ghsa": "wq4h-7r42-5hrr", "patched_versions": [ "~\u003e 2.0.9, \u003e= 2.0.9.1", "~\u003e 2.1.4, \u003e= 2.1.4.1", "\u003e= 2.2.3.1" ], "title": "Possible shell escape sequence injection vulnerability in Rack", "url": "https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.0.9.1||\u003e=2.1.0 \u003c2.1.4.1||\u003e=2.2.0 \u003c2.2.3.1", "affected_versions": "All versions before 2.0.9.1, all versions starting from 2.1.0 before 2.1.4.1, all versions starting from 2.2.0 before 2.2.3.1", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-937", "CWE-150", "CWE-78" ], "date": "2022-12-07", "description": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.", "fixed_versions": [ "2.0.9.1", "2.1.4.1", "2.2.3.1" ], "identifier": "CVE-2022-30123", "identifiers": [ "CVE-2022-30123", "GHSA-wq4h-7r42-5hrr", "GMS-2022-1644" ], "not_impacted": "All versions starting from 2.0.9.1 before 2.1.0, all versions starting from 2.1.4.1 before 2.2.0, all versions starting from 2.2.3.1", "package_slug": "gem/rack", "pubdate": "2022-12-05", "solution": "Upgrade to versions 2.0.9.1, 2.1.4.1, 2.2.3.1 or above.", "title": "Improper Neutralization of Escape, Meta, or Control Sequences", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-30123", "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml", "https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8", "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" ], "uuid": "cd1f3f9e-a685-4106-8dff-125e7cf1ea8d" }, { "affected_range": "\u003c0", "affected_versions": "All versions up to 2.0.9.0, all versions starting from 2.1 up to 2.1.4.0, all versions starting from 2.2 up to 2.2.3.0", "cwe_ids": [ "CWE-1035", "CWE-78", "CWE-937" ], "date": "2022-05-27", "description": "Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack\u0027s Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim\u0027s terminal.", "fixed_versions": [ "2.0.9.1", "2.1.4.1", "2.2.3.1" ], "identifier": "GMS-2022-1644", "identifiers": [ "GHSA-wq4h-7r42-5hrr", "GMS-2022-1644", "CVE-2022-30123" ], "not_impacted": "All versions after 2.0.9.0 before 2.1, all versions after 2.1.4.0 before 2.2, all versions after 2.2.3.0", "package_slug": "gem/rack", "pubdate": "2022-05-27", "solution": "Upgrade to versions 2.0.9.1, 2.1.4.1, 2.2.3.1 or above.", "title": "Duplicate of ./gem/rack/CVE-2022-30123.yml", "urls": [ "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30123.yml", "https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8", "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" ], "uuid": "60b5a27f-4e4d-4ab4-8ae7-74b4b212e177" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.3.1", "versionStartIncluding": "2.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.4.1", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.9.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-30123" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "A sequence injection vulnerability exists in Rack \u003c2.0.9.1, \u003c2.1.4.1 and \u003c2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728" }, { "name": "DSA-5530", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2023/dsa-5530" }, { "name": "GLSA-202310-18", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202310-18" }, { "name": "https://security.netapp.com/advisory/ntap-20231208-0011/", "refsource": "", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20231208-0011/" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 6.0 } }, "lastModifiedDate": "2023-12-08T22:15Z", "publishedDate": "2022-12-05T22:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.