Action not permitted
Modal body text goes here.
cve-2023-27898
Vulnerability from cvelistv5
Published
2023-03-08 17:14
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Jenkins Project | Jenkins |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Jenkins Security Advisory 2023-03-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Jenkins", "vendor": "Jenkins Project", "versions": [ { "changes": [ { "at": "2.375.4", "status": "unaffected" }, { "at": "2.376", "status": "affected" }, { "at": "2.387.1", "status": "unaffected" }, { "at": "2.388", "status": "affected" }, { "at": "2.394", "status": "unaffected" } ], "lessThan": "2.*", "status": "affected", "version": "2.270", "versionType": "maven" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances." } ], "providerMetadata": { "dateUpdated": "2023-10-24T12:49:02.967Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "name": "Jenkins Security Advisory 2023-03-08", "tags": [ "vendor-advisory" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2023-27898", "datePublished": "2023-03-08T17:14:48.437Z", "dateReserved": "2023-03-07T09:35:48.506Z", "dateUpdated": "2024-08-02T12:23:30.482Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-27898\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2023-03-10T21:15:15.403\",\"lastModified\":\"2023-05-24T17:43:59.883\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"2.270\",\"versionEndExcluding\":\"2.394\",\"matchCriteriaId\":\"C866B7BB-0E83-4962-BA8A-26132E657778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"2.277.1\",\"versionEndExcluding\":\"2.375.4\",\"matchCriteriaId\":\"FE2DDC0F-D71A-4825-A72E-CE59553415AC\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
ghsa-j664-qhh4-hpf8
Vulnerability from github
Published
2023-03-10 21:30
Modified
2023-05-19 15:55
Severity ?
Summary
Cross-site Scripting vulnerability in Jenkins
Details
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "2.376" }, { "fixed": "2.394" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.375.4" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-27898" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2023-03-17T14:45:14Z", "nvd_published_at": "2023-03-10T21:15:00Z", "severity": "HIGH" }, "details": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "id": "GHSA-j664-qhh4-hpf8", "modified": "2023-05-19T15:55:11Z", "published": "2023-03-10T21:30:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "type": "WEB", "url": "https://github.com/jenkinsci/jenkins/commit/59ac866d9946d7c296023da0ea78baafd4cf71eb" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Cross-site Scripting vulnerability in Jenkins" }
wid-sec-w-2023-0609
Vulnerability from csaf_certbund
Published
2023-03-08 23:00
Modified
2024-02-11 23:00
Summary
Jenkins: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterstützung bei Softwareentwicklungen aller Art.
Angriff
Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen und Code auszuführen
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0609 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0609.json" }, { "category": "self", "summary": "WID-SEC-2023-0609 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0609" }, { "category": "external", "summary": "Jenkins Security Advisory vom 2023-03-08", "url": "https://www.jenkins.io/security/advisory/2023-03-08/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1655 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3195 vom 2023-05-19", "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3198 vom 2023-05-18", "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3299 vom 2023-05-24", "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15", "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3663 vom 2023-06-19", "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "source_lang": "en-US", "title": "Jenkins: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:18:37.466+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0609", "initial_release_date": "2023-03-08T23:00:00.000+00:00", "revision_history": [ { "date": "2023-03-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-24T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-15T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-19T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-11T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 2.394", "product": { "name": "Jenkins Jenkins \u003c 2.394", "product_id": "T026692", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.394" } } }, { "category": "product_version_range", "name": "\u003c 2.375.4 LTS", "product": { "name": "Jenkins Jenkins \u003c 2.375.4 LTS", "product_id": "T026693", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.375.4_lts" } } }, { "category": "product_version_range", "name": "\u003c 2.387.1 LTS", "product": { "name": "Jenkins Jenkins \u003c 2.387.1 LTS", "product_id": "T026694", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.387.1_lts" } } } ], "category": "product_name", "name": "Jenkins" } ], "category": "vendor", "name": "Jenkins" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version", "name": "container platform 4.10", "product": { "name": "Red Hat OpenShift container platform 4.10", "product_id": "T027233", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.10" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-27905", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27905" }, { "cve": "CVE-2023-27904", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27904" }, { "cve": "CVE-2023-27903", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27903" }, { "cve": "CVE-2023-27902", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27902" }, { "cve": "CVE-2023-27901", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27901" }, { "cve": "CVE-2023-27900", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27900" }, { "cve": "CVE-2023-27899", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27899" }, { "cve": "CVE-2023-27898", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27898" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-24998" } ] }
rhsa-2023_1655
Vulnerability from csaf_redhat
Published
2023-04-12 12:02
Modified
2024-11-06 02:43
Summary
Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update
Notes
Topic
Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.10.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHSA-2023:1656
Security Fix(es):
* apache-commons-text: variable interpolation RCE (CVE-2022-42889)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)
* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.10.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1656\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1655", "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html" }, { "category": "external", "summary": "2127804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127804" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2162200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200" }, { "category": "external", "summary": "2162206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1655.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update", "tracking": { "current_release_date": "2024-11-06T02:43:50+00:00", "generator": { "date": "2024-11-06T02:43:50+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:1655", "initial_release_date": "2023-04-12T12:02:17+00:00", "revision_history": [ { "date": "2023-04-12T12:02:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T12:02:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T02:43:50+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product_id": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=src" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.src", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.src", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=src" } } }, { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product_id": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.85.1.rt7.157.el8_4?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product_id": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product_id": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/toolbox@0.0.9-1.rhaos4.10.el8?arch=src" } } }, { "category": "product_version", "name": "haproxy-0:2.2.19-4.el8.src", "product": { "name": "haproxy-0:2.2.19-4.el8.src", "product_id": "haproxy-0:2.2.19-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy@2.2.19-4.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.387.1.1680701869-1.el8.src", "product": { "name": "jenkins-0:2.387.1.1680701869-1.el8.src", "product_id": "jenkins-0:2.387.1.1680701869-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1680701869-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product_id": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1680703106-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy22-0:2.2.19-4.el8.x86_64", "product_id": "haproxy22-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-aarch64@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy22-0:2.2.19-4.el8.aarch64", "product_id": "haproxy22-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-ppc64le@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy22-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy22-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-s390x@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy22-0:2.2.19-4.el8.s390x", "product_id": "haproxy22-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product": { "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product_id": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-doc@4.18.0-305.85.1.el8_4?arch=noarch" } } }, { "category": "product_version", "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product_id": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/toolbox@0.0.9-1.rhaos4.10.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product": { "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product_id": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1680701869-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1680703106-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-0:2.2.19-4.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src" }, "product_reference": "haproxy-0:2.2.19-4.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy22-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy22-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy22-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy22-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch" }, "product_reference": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1680701869-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" }, "product_reference": "jenkins-0:2.387.1.1680701869-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch" }, "product_reference": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src" }, "product_reference": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch" }, "product_reference": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" }, "product_reference": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3172", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-09-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2127804" } ], "notes": [ { "category": "description", "text": "A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client\u0027s API server credentials to third parties.", "title": "Vulnerability description" }, { "category": "summary", "text": "kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3172" }, { "category": "external", "summary": "RHBZ#2127804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3172", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3172" }, { "category": "external", "summary": "https://github.com/kubernetes/kubernetes/issues/112513", "url": "https://github.com/kubernetes/kubernetes/issues/112513" } ], "release_date": "2022-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)" }, { "cve": "CVE-2022-31690", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2023-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2162200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31690" }, { "category": "external", "summary": "RHBZ#2162200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31690", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690" }, { "category": "external", "summary": "https://spring.io/security/cve-2022-31690", "url": "https://spring.io/security/cve-2022-31690" } ], "release_date": "2022-10-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client" }, { "cve": "CVE-2022-31692", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2162206" } ], "notes": [ { "category": "description", "text": "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31692" }, { "category": "external", "summary": "RHBZ#2162206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31692", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692" }, { "category": "external", "summary": "https://spring.io/security/cve-2022-31692", "url": "https://spring.io/security/cve-2022-31692" } ], "release_date": "2022-10-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25725", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169089" } ], "notes": [ { "category": "description", "text": "A flaw was found in HAProxy\u0027s headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "haproxy: request smuggling attack in HTTP/1 header parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform doesn\u0027t ship any haproxy code of its own and instead the openstack-haproxy-container consumes the `haproxy` RPM provided by RHEL.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25725" }, { "category": "external", "summary": "RHBZ#2169089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25725", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725" }, { "category": "external", "summary": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/", "url": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/" }, { "category": "external", "summary": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html" } ], "release_date": "2023-02-14T16:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "haproxy: request smuggling attack in HTTP/1 header parsing" }, { "cve": "CVE-2023-27898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177629" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: XSS vulnerability in plugin manager", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27898" }, { "category": "external", "summary": "RHBZ#2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: XSS vulnerability in plugin manager" }, { "cve": "CVE-2023-27899", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177626" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary plugin file created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27899" }, { "category": "external", "summary": "RHBZ#2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Temporary plugin file created with insecure permissions" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" } ] }
rhsa-2023_3663
Vulnerability from csaf_redhat
Published
2023-06-19 10:15
Modified
2024-11-06 03:11
Summary
Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
Notes
Topic
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.
Security Fix(es):
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)
* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)
* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)
* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)
* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)
* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)
* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)
* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)
* jettison: parser crash by stackoverflow (CVE-2022-40149)
* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)
* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)
* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)
* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)
* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3663", "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-06T03:11:53+00:00", "generator": { "date": "2024-11-06T03:11:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:3663", "initial_release_date": "2023-06-19T10:15:57+00:00", "revision_history": [ { "date": "2023-06-19T10:15:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-19T10:15:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:11:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2048", "cwe": { "id": "CWE-410", "name": "Insufficient Resource Pool" }, "discovery_date": "2022-08-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2116952" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "http2-server: Invalid HTTP/2 requests cause DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2048" }, { "category": "external", "summary": "RHBZ#2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" } ], "release_date": "2022-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http2-server: Invalid HTTP/2 requests cause DoS" }, { "cve": "CVE-2022-22976", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087214" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: BCrypt skips salt rounds for work factor of 31", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22976" }, { "category": "external", "summary": "RHBZ#2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22976", "url": "https://tanzu.vmware.com/security/cve-2022-22976" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: BCrypt skips salt rounds for work factor of 31" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-41966", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170431" } ], "notes": [ { "category": "description", "text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41966" }, { "category": "external", "summary": "RHBZ#2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966" }, { "category": "external", "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv" } ], "release_date": "2022-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-1436", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182788" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: Uncontrolled Recursion in JSONArray", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1436" }, { "category": "external", "summary": "RHBZ#2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: Uncontrolled Recursion in JSONArray" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-27898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177629" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: XSS vulnerability in plugin manager", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27898" }, { "category": "external", "summary": "RHBZ#2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: XSS vulnerability in plugin manager" }, { "cve": "CVE-2023-27899", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177626" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary plugin file created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27899" }, { "category": "external", "summary": "RHBZ#2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Temporary plugin file created with insecure permissions" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-32977", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207830" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32977" }, { "category": "external", "summary": "RHBZ#2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32977" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin" }, { "cve": "CVE-2023-32981", "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207835" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32981" }, { "category": "external", "summary": "RHBZ#2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin" } ] }
gsd-2023-27898
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-27898", "id": "GSD-2023-27898" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-27898" ], "details": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "id": "GSD-2023-27898", "modified": "2023-12-13T01:20:55.540914Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2023-27898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "unaffected", "versions": [ { "changes": [ { "at": "2.375.4", "status": "unaffected" }, { "at": "2.376", "status": "affected" }, { "at": "2.387.1", "status": "unaffected" }, { "at": "2.388", "status": "affected" }, { "at": "2.394", "status": "unaffected" } ], "lessThan": "2.*", "status": "affected", "version": "2.270", "versionType": "maven" } ] } } ] } } ] }, "vendor_name": "Jenkins Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.270,2.394)", "affected_versions": "All versions starting from 2.270 before 2.394", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2023-05-24", "description": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "fixed_versions": [ "2.394" ], "identifier": "CVE-2023-27898", "identifiers": [ "CVE-2023-27898" ], "not_impacted": "All versions before 2.270, all versions starting from 2.394", "package_slug": "maven/org.jenkins-ci.main/jenkins-core", "pubdate": "2023-03-10", "solution": "Upgrade to version 2.394 or above.", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" ], "uuid": "a234bdae-c204-47c3-b01f-185fa41a0080" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "2.394", "versionStartIncluding": "2.270", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "2.375.4", "versionStartIncluding": "2.277.1", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2023-27898" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0 } }, "lastModifiedDate": "2023-05-24T17:43Z", "publishedDate": "2023-03-10T21:15Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.