Action not permitted
Modal body text goes here.
cve-2023-27899
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
Jenkins Project | Jenkins |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Jenkins Security Advisory 2023-03-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Jenkins", "vendor": "Jenkins Project", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.394", "versionType": "maven" }, { "lessThan": "2.375.*", "status": "unaffected", "version": "2.375.4", "versionType": "maven" }, { "lessThan": "2.387.*", "status": "unaffected", "version": "2.387.1", "versionType": "maven" } ] } ], "descriptions": [ { "lang": "en", "value": "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution." } ], "providerMetadata": { "dateUpdated": "2023-10-24T12:49:04.120Z", "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins" }, "references": [ { "name": "Jenkins Security Advisory 2023-03-08", "tags": [ "vendor-advisory" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ] } }, "cveMetadata": { "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "assignerShortName": "jenkins", "cveId": "CVE-2023-27899", "datePublished": "2023-03-08T17:14:49.111Z", "dateReserved": "2023-03-07T09:35:48.506Z", "dateUpdated": "2024-08-02T12:23:30.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-27899\",\"sourceIdentifier\":\"jenkinsci-cert@googlegroups.com\",\"published\":\"2023-03-10T21:15:15.460\",\"lastModified\":\"2023-03-16T15:48:58.347\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*\",\"versionEndExcluding\":\"2.375.4\",\"matchCriteriaId\":\"60A98B86-E66C-4703-9DDD-7BB66247067C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"2.394\",\"matchCriteriaId\":\"57EF4F3C-05BE-4979-A92D-6B56EE5CD3FF\"}]}]}],\"references\":[{\"url\":\"https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823\",\"source\":\"jenkinsci-cert@googlegroups.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
wid-sec-w-2023-0609
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Jenkins ist ein erweiterbarer, webbasierter Integration Server zur kontinuierlichen Unterst\u00fctzung bei Softwareentwicklungen aller Art.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Jenkins ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux\n- Windows\n- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0609 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0609.json" }, { "category": "self", "summary": "WID-SEC-2023-0609 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0609" }, { "category": "external", "summary": "Jenkins Security Advisory vom 2023-03-08", "url": "https://www.jenkins.io/security/advisory/2023-03-08/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1655 vom 2023-04-12", "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3195 vom 2023-05-19", "url": "https://access.redhat.com/errata/RHSA-2023:3195" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3198 vom 2023-05-18", "url": "https://access.redhat.com/errata/RHSA-2023:3198" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3299 vom 2023-05-24", "url": "https://access.redhat.com/errata/RHSA-2023:3299" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3622 vom 2023-06-15", "url": "https://access.redhat.com/errata/RHSA-2023:3622" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:3663 vom 2023-06-19", "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0775 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0775" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0778 vom 2024-02-12", "url": "https://access.redhat.com/errata/RHSA-2024:0778" } ], "source_lang": "en-US", "title": "Jenkins: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-11T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:18:37.466+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-0609", "initial_release_date": "2023-03-08T23:00:00.000+00:00", "revision_history": [ { "date": "2023-03-08T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-04-12T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-18T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-05-24T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-15T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2023-06-19T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-11T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 2.394", "product": { "name": "Jenkins Jenkins \u003c 2.394", "product_id": "T026692", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.394" } } }, { "category": "product_version_range", "name": "\u003c 2.375.4 LTS", "product": { "name": "Jenkins Jenkins \u003c 2.375.4 LTS", "product_id": "T026693", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.375.4_lts" } } }, { "category": "product_version_range", "name": "\u003c 2.387.1 LTS", "product": { "name": "Jenkins Jenkins \u003c 2.387.1 LTS", "product_id": "T026694", "product_identification_helper": { "cpe": "cpe:/a:cloudbees:jenkins:2.387.1_lts" } } } ], "category": "product_name", "name": "Jenkins" } ], "category": "vendor", "name": "Jenkins" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version", "name": "container platform 4.10", "product": { "name": "Red Hat OpenShift container platform 4.10", "product_id": "T027233", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:container_platform_4.10" } } } ], "category": "product_name", "name": "OpenShift" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-27905", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27905" }, { "cve": "CVE-2023-27904", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27904" }, { "cve": "CVE-2023-27903", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27903" }, { "cve": "CVE-2023-27902", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27902" }, { "cve": "CVE-2023-27901", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27901" }, { "cve": "CVE-2023-27900", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27900" }, { "cve": "CVE-2023-27899", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27899" }, { "cve": "CVE-2023-27898", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-27898" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Jenkins existieren mehrere Schwachstellen in unterschiedlichen Plugins und Komponenten. Dabei handelt es sich um ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, unsichere Datei-Berechtigungen und unsichere Speicherung von Informationen. Ein Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und Code auszuf\u00fchren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder Anmeldung." } ], "product_status": { "known_affected": [ "67646", "T027233" ] }, "release_date": "2023-03-08T23:00:00Z", "title": "CVE-2023-24998" } ] }
ghsa-hf9h-vv4m-2f33
Vulnerability from github
Jenkins creates a temporary file when a plugin is uploaded from an administrator’s computer.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 creates this temporary file in the system temporary directory with the default permissions for newly created files.
If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
This vulnerability only affects operating systems using a shared temporary directory for all users (typically Linux). Additionally, the default permissions for newly created files generally only allows attackers to read the temporary file. Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 creates the temporary file with more restrictive permissions.
As a workaround, you can set a different path as your default temporary directory using the Java system property java.io.tmpdir, if you’re concerned about this issue but unable to immediately update Jenkins.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "2.376" }, { "fixed": "2.387.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.375.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.jenkins-ci.main:jenkins-core" }, "ranges": [ { "events": [ { "introduced": "2.388" }, { "fixed": "2.394" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-27899" ], "database_specific": { "cwe_ids": [ "CWE-863" ], "github_reviewed": true, "github_reviewed_at": "2023-03-17T14:45:00Z", "nvd_published_at": "2023-03-10T21:15:00Z", "severity": "HIGH" }, "details": "Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer.\n\nJenkins 2.393 and earlier, LTS 2.375.3 and earlier, and prior to LTS 2.387.1 creates this temporary file in the system temporary directory with the default permissions for newly created files.\n\nIf these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.\n\nThis vulnerability only affects operating systems using a shared temporary directory for all users (typically Linux). Additionally, the default permissions for newly created files generally only allows attackers to read the temporary file.\nJenkins 2.394, LTS 2.375.4, and LTS 2.387.1 creates the temporary file with more restrictive permissions.\n\nAs a workaround, you can set a different path as your default temporary directory using the Java system property java.io.tmpdir, if you\u2019re concerned about this issue but unable to immediately update Jenkins.", "id": "GHSA-hf9h-vv4m-2f33", "modified": "2024-01-05T13:23:14Z", "published": "2023-03-10T21:30:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "type": "WEB", "url": "https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17" }, { "type": "WEB", "url": "https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json" }, { "type": "WEB", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Incorrect Authorization in Jenkins Core" }
rhsa-2023_1655
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.10.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.56. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2023:1656\n\nSecurity Fix(es):\n\n* apache-commons-text: variable interpolation RCE (CVE-2022-42889)\n\n* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)\n\n* spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security (CVE-2022-31692)\n\n* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF) (CVE-2022-3172)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1655", "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "url": "https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html" }, { "category": "external", "summary": "2127804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127804" }, { "category": "external", "summary": "2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "2162200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200" }, { "category": "external", "summary": "2162206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206" }, { "category": "external", "summary": "2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1655.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update", "tracking": { "current_release_date": "2024-11-15T13:29:29+00:00", "generator": { "date": "2024-11-15T13:29:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:1655", "initial_release_date": "2023-04-12T12:02:17+00:00", "revision_history": [ { "date": "2023-04-12T12:02:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-04-12T12:02:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T13:29:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el7" } } }, { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.10", "product": { "name": "Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.10::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product_id": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=src" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.src", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.src", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=src" } } }, { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product_id": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.85.1.rt7.157.el8_4?arch=src" } } }, { "category": "product_version", "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product_id": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=src" } } }, { "category": "product_version", "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product_id": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/toolbox@0.0.9-1.rhaos4.10.el8?arch=src" } } }, { "category": "product_version", "name": "haproxy-0:2.2.19-4.el8.src", "product": { "name": "haproxy-0:2.2.19-4.el8.src", "product_id": "haproxy-0:2.2.19-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy@2.2.19-4.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-0:2.387.1.1680701869-1.el8.src", "product": { "name": "jenkins-0:2.387.1.1680701869-1.el8.src", "product_id": "jenkins-0:2.387.1.1680701869-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1680701869-1.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product_id": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1680703106-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_id": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-modules-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-selftests-internal@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-305.85.1.rt7.157.el8_4?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_id": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy22-0:2.2.19-4.el8.x86_64", "product_id": "haproxy22-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=aarch64" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-aarch64@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=aarch64" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy22-0:2.2.19-4.el8.aarch64", "product_id": "haproxy22-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=aarch64" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-ipaclones-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-ppc64le@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy22-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy22-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debugsource@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_id": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.23.5-8.rhaos4.10.gitcc8441d.el8?arch=s390x" } } }, { "category": "product_version", "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-cross-headers@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-headers@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-selftests-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-core@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-devel@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-extra@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-modules-internal@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "perf-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-debuginfo-common-s390x@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-zfcpdump-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_id": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-305.85.1.el8_4?arch=s390x" } } }, { "category": "product_version", "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product_id": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-hyperkube@4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product_id": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-clients@4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy22-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy22-0:2.2.19-4.el8.s390x", "product_id": "haproxy22-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22@2.2.19-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product_id": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy-debugsource@2.2.19-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product_id": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/haproxy22-debuginfo@2.2.19-4.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product": { "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product_id": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/kernel-doc@4.18.0-305.85.1.el8_4?arch=noarch" } } }, { "category": "product_version", "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product_id": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/toolbox@0.0.9-1.rhaos4.10.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product": { "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product_id": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.387.1.1680701869-1.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.10.1680703106-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src" }, "product_reference": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64" }, "product_reference": "cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-0:2.2.19-4.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src" }, "product_reference": "haproxy-0:2.2.19-4.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy-debugsource-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy-debugsource-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy22-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy22-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy22-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy22-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" }, "product_reference": "haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1680701869-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch" }, "product_reference": "jenkins-0:2.387.1.1680701869-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.387.1.1680701869-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" }, "product_reference": "jenkins-0:2.387.1.1680701869-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch" }, "product_reference": "kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src" }, "product_reference": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64" }, "product_reference": "kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src" }, "product_reference": "openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64" }, "product_reference": "openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" }, "product_reference": "openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "perf-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64 as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64" }, "product_reference": "python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch" }, "product_reference": "toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "relates_to_product_reference": "8Base-RHOSE-4.10" }, { "category": "default_component_of", "full_product_name": { "name": "toolbox-0:0.0.9-1.rhaos4.10.el8.src as a component of Red Hat OpenShift Container Platform 4.10", "product_id": "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" }, "product_reference": "toolbox-0:0.0.9-1.rhaos4.10.el8.src", "relates_to_product_reference": "8Base-RHOSE-4.10" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3172", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2022-09-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2127804" } ], "notes": [ { "category": "description", "text": "A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client\u0027s API server credentials to third parties.", "title": "Vulnerability description" }, { "category": "summary", "text": "kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-3172" }, { "category": "external", "summary": "RHBZ#2127804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2127804" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-3172", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3172" }, { "category": "external", "summary": "https://github.com/kubernetes/kubernetes/issues/112513", "url": "https://github.com/kubernetes/kubernetes/issues/112513" } ], "release_date": "2022-09-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kube-apiserver: Aggregated API server can cause clients to be redirected (SSRF)" }, { "cve": "CVE-2022-31690", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "discovery_date": "2023-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2162200" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Spring Security framework. Spring Security could allow a remote attacker to gain elevated privileges on the system. By modifying a request initiated by the Client (via the browser) to the Authorization Server, an attacker can gain elevated privileges on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Integration Camel-K, Camel-Quarkus, and Camel-SpringBoot do not directly use or ship the affected software, but do have references to it in their Maven POMs. As such their impact has been reduced to Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31690" }, { "category": "external", "summary": "RHBZ#2162200", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162200" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31690", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31690" }, { "category": "external", "summary": "https://spring.io/security/cve-2022-31690", "url": "https://spring.io/security/cve-2022-31690" } ], "release_date": "2022-10-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client" }, { "cve": "CVE-2022-31692", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2023-01-19T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2162206" } ], "notes": [ { "category": "description", "text": "A flaw was found in the spring-security framework. Spring Security could allow a remote attacker to bypass security restrictions caused by an issue when using forward or include dispatcher types. By sending a specially-crafted request, an attacker can bypass authorization rules.", "title": "Vulnerability description" }, { "category": "summary", "text": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31692" }, { "category": "external", "summary": "RHBZ#2162206", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162206" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31692", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31692" }, { "category": "external", "summary": "https://spring.io/security/cve-2022-31692", "url": "https://spring.io/security/cve-2022-31692" } ], "release_date": "2022-10-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "spring-security: Authorization rules can be bypassed via forward or include dispatcher types in Spring Security" }, { "cve": "CVE-2022-42889", "cwe": { "id": "CWE-1188", "name": "Initialization of a Resource with an Insecure Default" }, "discovery_date": "2022-10-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135435" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code execution (RCE) and unintentional contact with untrusted remote servers.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-text: variable interpolation RCE", "title": "Vulnerability summary" }, { "category": "other", "text": "In order to carry successful exploitation of this vulnerability, the following conditions must be in place on the affected target:\n - Usage of specific methods that interpolate the variables as described in the flaw\n - Usage of external input for those methods\n - Usage of that external input has to be unsanitized/no \"allow list\"/etc.\n\nThe following products have *Low* impact because they have maven references to the affected package but do not ship it nor use the code:\n- Red Hat EAP Expansion Pack (EAP-XP)\n- Red Hat Camel-K\n- Red Hat Camel-Quarkus\n\nRed Hat Satellite ships Candlepin that embeds Apache Commons Text, however, it is not vulnerable to the flaw since the library has not been exposed in the product code. In Candlepin, the Commons Text is being pulled for the Liquibase and ActiveMQ Artemis libraries as a dependency. Red Hat Product Security has evaluated and rated the impact of the flaw as Low for Satellite since there was no harm identified to the confidentiality, integrity, or availability of systems.\n\n- The OCP has a *Moderate* impact because the affected library is a third-party library in the OCP jenkins-2-plugin component which reduces the possibilities of successful exploitation.\n- The OCP-4.8 is affected by this CVE and is in an extended life phase. For versions of products in the Extended Life Phase, Red Hat will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42889" }, { "category": "external", "summary": "RHBZ#2135435", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135435" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42889", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42889" }, { "category": "external", "summary": "https://blogs.apache.org/security/entry/cve-2022-42889", "url": "https://blogs.apache.org/security/entry/cve-2022-42889" }, { "category": "external", "summary": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om", "url": "https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om" }, { "category": "external", "summary": "https://seclists.org/oss-sec/2022/q4/22", "url": "https://seclists.org/oss-sec/2022/q4/22" } ], "release_date": "2022-10-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" }, { "category": "workaround", "details": "This flaw may be avoided by ensuring that any external inputs used with the Commons-Text lookup methods are sanitized properly. Untrusted input should always be thoroughly sanitized before using in any potentially risky situations.", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-text: variable interpolation RCE" }, { "cve": "CVE-2023-24422", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-01-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164278" } ], "notes": [ { "category": "description", "text": "A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as out of support scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24422" }, { "category": "external", "summary": "RHBZ#2164278", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164278" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24422", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24422" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24422" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016", "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-3016" } ], "release_date": "2023-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin" }, { "cve": "CVE-2023-25725", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2023-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169089" } ], "notes": [ { "category": "description", "text": "A flaw was found in HAProxy\u0027s headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypass filtering and detection by HAProxy.", "title": "Vulnerability description" }, { "category": "summary", "text": "haproxy: request smuggling attack in HTTP/1 header parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform doesn\u0027t ship any haproxy code of its own and instead the openstack-haproxy-container consumes the `haproxy` RPM provided by RHEL.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25725" }, { "category": "external", "summary": "RHBZ#2169089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169089" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25725", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25725" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25725" }, { "category": "external", "summary": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/", "url": "https://www.haproxy.com/blog/february-2023-header-parser-fixed/" }, { "category": "external", "summary": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html", "url": "https://www.mail-archive.com/haproxy@formilux.org/msg43229.html" } ], "release_date": "2023-02-14T16:20:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "haproxy: request smuggling attack in HTTP/1 header parsing" }, { "cve": "CVE-2023-27898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177629" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: XSS vulnerability in plugin manager", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27898" }, { "category": "external", "summary": "RHBZ#2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: XSS vulnerability in plugin manager" }, { "cve": "CVE-2023-27899", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177626" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary plugin file created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27899" }, { "category": "external", "summary": "RHBZ#2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Temporary plugin file created with insecure permissions" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.src", "7Server-RH7-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.src", "7Server-RH7-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el7.x86_64", "7Server-RH7-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el7.x86_64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:bpftool-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.src", "8Base-RHOSE-4.10:cri-o-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debuginfo-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.aarch64", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.ppc64le", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.s390x", "8Base-RHOSE-4.10:cri-o-debugsource-0:1.23.5-8.rhaos4.10.gitcc8441d.el8.x86_64", "8Base-RHOSE-4.10:haproxy-0:2.2.19-4.el8.src", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy-debugsource-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.aarch64", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.ppc64le", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.s390x", "8Base-RHOSE-4.10:haproxy22-debuginfo-0:2.2.19-4.el8.x86_64", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-2-plugins-0:4.10.1680703106-1.el8.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.src", "8Base-RHOSE-4.10:kernel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-cross-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-core-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debug-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-debuginfo-common-aarch64-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-debuginfo-common-ppc64le-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-debuginfo-common-s390x-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-debuginfo-common-x86_64-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-doc-0:4.18.0-305.85.1.el8_4.noarch", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-headers-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-ipaclones-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-extra-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-modules-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.src", "8Base-RHOSE-4.10:kernel-rt-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-core-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debug-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-debuginfo-common-x86_64-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-devel-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-kvm-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-extra-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-modules-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-rt-selftests-internal-0:4.18.0-305.85.1.rt7.157.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-selftests-internal-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-tools-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:kernel-tools-libs-devel-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:kernel-zfcpdump-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-core-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-devel-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-extra-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:kernel-zfcpdump-modules-internal-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:openshift-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.src", "8Base-RHOSE-4.10:openshift-clients-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-clients-redistributable-0:4.10.0-202304032041.p0.g3a7500d.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.aarch64", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.ppc64le", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.s390x", "8Base-RHOSE-4.10:openshift-hyperkube-0:4.10.0-202303221742.p0.g16bcd69.assembly.stream.el8.x86_64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.aarch64", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.ppc64le", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.s390x", "8Base-RHOSE-4.10:python3-perf-debuginfo-0:4.18.0-305.85.1.el8_4.x86_64", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.noarch", "8Base-RHOSE-4.10:toolbox-0:0.0.9-1.rhaos4.10.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-04-12T12:02:17+00:00", "details": "For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html", "product_ids": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1655" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.noarch", "8Base-RHOSE-4.10:jenkins-0:2.387.1.1680701869-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" } ] }
rhsa-2023_3663
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow (CVE-2022-41966)\n\n* json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) (CVE-2023-1370)\n\n* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)\n\n* log4j1-chainsaw, log4j1-socketappender: DoS via hashmap logging (CVE-2023-26464)\n\n* Jenkins: XSS vulnerability in plugin manager (CVE-2023-27898)\n\n* Jenkins: Temporary plugin file created with insecure permissions (CVE-2023-27899)\n\n* jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)\n\n* http2-server: Invalid HTTP/2 requests cause DoS (CVE-2022-2048)\n\n* springframework: BCrypt skips salt rounds for work factor of 31 (CVE-2022-22976)\n\n* jettison: parser crash by stackoverflow (CVE-2022-40149)\n\n* jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)\n\n* jackson-databind: use of deeply nested arrays (CVE-2022-42004)\n\n* jettison: Uncontrolled Recursion in JSONArray (CVE-2023-1436)\n\n* jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)\n\n* jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)\n\n* Jenkins: Temporary file parameter created with insecure permissions (CVE-2023-27903)\n\n* Jenkins: Information disclosure through error stack traces related to agents (CVE-2023-27904)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3663", "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3663.json" } ], "title": "Red Hat Security Advisory: jenkins and jenkins-2-plugins security update", "tracking": { "current_release_date": "2024-11-15T15:07:54+00:00", "generator": { "date": "2024-11-15T15:07:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:3663", "initial_release_date": "2023-06-19T10:15:57+00:00", "revision_history": [ { "date": "2023-06-19T10:15:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-06-19T10:15:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T15:07:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product": { "name": "OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:ocp_tools:4.11::el8" } } } ], "category": "product_family", "name": "OpenShift Jenkins" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=src" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_id": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins@2.401.1.1686831596-3.el8?arch=noarch" } } }, { "category": "product_version", "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_id": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@4.11.1686831822-1.el8?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-0:2.401.1.1686831596-3.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" }, "product_reference": "jenkins-0:2.401.1.1686831596-3.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "relates_to_product_reference": "8Base-OCP-Tools-4.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src as a component of OpenShift Developer Tools and Services for OCP 4.11 for RHEL 8", "product_id": "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" }, "product_reference": "jenkins-2-plugins-0:4.11.1686831822-1.el8.src", "relates_to_product_reference": "8Base-OCP-Tools-4.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-2048", "cwe": { "id": "CWE-410", "name": "Insufficient Resource Pool" }, "discovery_date": "2022-08-09T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2116952" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Eclipse Jetty http2-server package. This flaw allows an attacker to cause a denial of service in the server via HTTP/2 requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "http2-server: Invalid HTTP/2 requests cause DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-2048" }, { "category": "external", "summary": "RHBZ#2116952", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2116952" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-2048", "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j" } ], "release_date": "2022-07-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "http2-server: Invalid HTTP/2 requests cause DoS" }, { "cve": "CVE-2022-22976", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2087214" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: BCrypt skips salt rounds for work factor of 31", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-22976" }, { "category": "external", "summary": "RHBZ#2087214", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2087214" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-22976", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22976" }, { "category": "external", "summary": "https://tanzu.vmware.com/security/cve-2022-22976", "url": "https://tanzu.vmware.com/security/cve-2022-22976" } ], "release_date": "2022-05-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "springframework: BCrypt skips salt rounds for work factor of 31" }, { "cve": "CVE-2022-40149", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135771" } ], "notes": [ { "category": "description", "text": "A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input, resulting in a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: parser crash by stackoverflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40149" }, { "category": "external", "summary": "RHBZ#2135771", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135771" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40149" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: parser crash by stackoverflow" }, { "cve": "CVE-2022-40150", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-10-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135770" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: memory exhaustion via user-supplied XML or JSON data", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40150" }, { "category": "external", "summary": "RHBZ#2135770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40150" }, { "category": "external", "summary": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1", "url": "https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1" } ], "release_date": "2022-09-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jettison: memory exhaustion via user-supplied XML or JSON data" }, { "cve": "CVE-2022-41966", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-02-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2170431" } ], "notes": [ { "category": "description", "text": "A flaw was found in the xstream package. This flaw allows an attacker to cause a denial of service by injecting recursive collections or maps, raising a stack overflow.", "title": "Vulnerability description" }, { "category": "summary", "text": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse 7 ships an affected version of XStream. No endpoint in any flavor of Fuse is accepting by default an unverified input stream passed directly to XStream unmarshaller. Documentation always recommend all the endpoints (TCP/UDP/HTTP(S)/other listeners) to have at least one layer of authentication/authorization and Fuse in general itself in particular has a lot of mechanisms to protect the endpoints.\n\nRed Hat Single Sign-On contains XStream as a transitive dependency from Infinispan and the same is not affected as NO_REFERENCE is in use.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-41966" }, { "category": "external", "summary": "RHBZ#2170431", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170431" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41966", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41966" }, { "category": "external", "summary": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv", "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv" } ], "release_date": "2022-12-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xstream: Denial of Service by injecting recursive collections or maps based on element\u0027s hash values raising a stack overflow" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135244" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled due to unchecked primitive value deserializers to avoid deep wrapper array nesting.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42003" }, { "category": "external", "summary": "RHBZ#2135244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135244" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS" }, { "cve": "CVE-2022-42004", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2022-10-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2135247" } ], "notes": [ { "category": "description", "text": "A flaw was found In FasterXML jackson-databind. This issue could allow an attacker to benefit from resource exhaustion due to the lack of a check in BeanDeserializer._deserializeFromArray to prevent the use of deeply nested arrays. An application is only vulnerable with certain customized choices for deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: use of deeply nested arrays", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-42004" }, { "category": "external", "summary": "RHBZ#2135247", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135247" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-42004", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42004" } ], "release_date": "2022-10-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: use of deeply nested arrays" }, { "cve": "CVE-2023-1370", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2188542" } ], "notes": [ { "category": "description", "text": "A flaw was found in the json-smart package. This security flaw occurs when reaching a \u2018[\u2018 or \u2018{\u2018 character in the JSON input, and the code parses an array or an object, respectively. The 3PP does not have any limit to the nesting of such arrays or objects. Since nested arrays and objects are parsed recursively, nesting too many of them can cause stack exhaustion (stack overflow) and crash the software.", "title": "Vulnerability description" }, { "category": "summary", "text": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1370" }, { "category": "external", "summary": "RHBZ#2188542", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188542" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-493p-pfq6-5258", "url": "https://github.com/advisories/GHSA-493p-pfq6-5258" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/", "url": "https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)" }, { "cve": "CVE-2023-1436", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2023-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182788" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jettison. Infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This issue leads to a StackOverflowError exception being thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "jettison: Uncontrolled Recursion in JSONArray", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1436" }, { "category": "external", "summary": "RHBZ#2182788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182788" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1436" }, { "category": "external", "summary": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/", "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/" } ], "release_date": "2023-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jettison: Uncontrolled Recursion in JSONArray" }, { "cve": "CVE-2023-20860", "cwe": { "id": "CWE-155", "name": "Improper Neutralization of Wildcards or Matching Symbols" }, "discovery_date": "2023-03-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2180528" } ], "notes": [ { "category": "description", "text": "A flaw was found in Spring Framework. In this vulnerability, a security bypass is possible due to the behavior of the wildcard pattern.", "title": "Vulnerability description" }, { "category": "summary", "text": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-20860" }, { "category": "external", "summary": "RHBZ#2180528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180528" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20860" }, { "category": "external", "summary": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861", "url": "https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern" }, { "cve": "CVE-2023-26464", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-03-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182864" } ], "notes": [ { "category": "description", "text": "A flaw was found in Chainsaw and SocketAppender components with Log4j 1.x on JRE, less than 1.7. This issue may allow an attacker to use a logging entry with a specially-crafted hashmap or hashtable, depending on which logging component is in use, to process and exhaust the available memory in the virtual machine, resulting in a Denial of Service when the object is deserialized. This issue affects Apache Log4j before version 2.", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j1-socketappender: DoS via hashmap logging", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 security impacts have been reduced to Low as they do not enable the vulnerable JDK by default.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26464" }, { "category": "external", "summary": "RHBZ#2182864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26464", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26464" }, { "category": "external", "summary": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464", "url": "https://www.ibm.com/support/pages/security-bulletin-vulnerability-log4j-1216jar-affect-ibm-operations-analytics-log-analysis-cve-2023-26464" } ], "release_date": "2023-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "log4j1-socketappender: DoS via hashmap logging" }, { "cve": "CVE-2023-27898", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177629" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Affected versions of Jenkins do not escape the Jenkins version that a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins in the plugin manager. This issue results in a stored Cross-site scripting (XSS) vulnerability, exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: XSS vulnerability in plugin manager", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27898" }, { "category": "external", "summary": "RHBZ#2177629", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177629" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27898" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3037" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: XSS vulnerability in plugin manager" }, { "cve": "CVE-2023-27899", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177626" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. Jenkins creates a temporary file when a plugin is uploaded from an administrator\u2019s computer. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary plugin file created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27899" }, { "category": "external", "summary": "RHBZ#2177626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177626" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27899" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27899" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Jenkins: Temporary plugin file created with insecure permissions" }, { "cve": "CVE-2023-27903", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177632" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI\u2019s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Temporary file parameter created with insecure permissions", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27903" }, { "category": "external", "summary": "RHBZ#2177632", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177632" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27903", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27903" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27903" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Temporary file parameter created with insecure permissions" }, { "cve": "CVE-2023-27904", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2023-03-13T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2177634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers.", "title": "Vulnerability description" }, { "category": "summary", "text": "Jenkins: Information disclosure through error stack traces related to agents", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27904" }, { "category": "external", "summary": "RHBZ#2177634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27904", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27904" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27904" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120" } ], "release_date": "2023-03-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Jenkins: Information disclosure through error stack traces related to agents" }, { "cve": "CVE-2023-32977", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207830" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline: Job Plugin. Affected versions of Jenkins Pipeline: Job Plugin are vulnerable to Cross-site scripting caused by improper validation of user-supplied input. This flaw allows a remote authenticated attacker to inject malicious script into a Web page, which would then be executed in a victim\u0027s Web browser within the security context of the hosting Web site once the page is viewed. The attacker could use this vulnerability to steal the victim\u0027s cookie-based authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32977" }, { "category": "external", "summary": "RHBZ#2207830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207830" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32977" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32977" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3042" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin" }, { "cve": "CVE-2023-32981", "discovery_date": "2023-05-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2207835" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing \"dot dot\" sequences (/../) to create or replace arbitrary files on the agent file system with attacker-specified content.", "title": "Vulnerability description" }, { "category": "summary", "text": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift 3.11 is in ELS. Jenkins and its related technologies will not be supported under ELS. Hence, OpenShift 3.11 is marked as affected/won\u0027tfix.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "known_not_affected": [ "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-0:2.401.1.1686831596-3.el8.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32981" }, { "category": "external", "summary": "RHBZ#2207835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2207835" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32981" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32981" }, { "category": "external", "summary": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196", "url": "https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196" } ], "release_date": "2023-05-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-19T10:15:57+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3663" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.noarch", "8Base-OCP-Tools-4.11:jenkins-2-plugins-0:4.11.1686831822-1.el8.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin" } ] }
gsd-2023-27899
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2023-27899", "id": "GSD-2023-27899" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-27899" ], "details": "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.", "id": "GSD-2023-27899", "modified": "2023-12-13T01:20:55.314378Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2023-27899", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Jenkins", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "2.394", "versionType": "maven" }, { "lessThan": "2.375.*", "status": "unaffected", "version": "2.375.4", "versionType": "maven" }, { "lessThan": "2.387.*", "status": "unaffected", "version": "2.387.1", "versionType": "maven" } ] } } ] } } ] }, "vendor_name": "Jenkins Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "refsource": "MISC", "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.375.4,2.394)", "affected_versions": "All versions after 2.375.4 before 2.394", "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-863", "CWE-937" ], "date": "2023-03-16", "description": "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.", "fixed_versions": [ "2.394" ], "identifier": "CVE-2023-27899", "identifiers": [ "CVE-2023-27899" ], "not_impacted": "All versions starting from 2.394", "package_slug": "maven/org.jenkins-ci.main/jenkins-core", "pubdate": "2023-03-10", "solution": "Upgrade to version 2.394 or above.", "title": "Incorrect Authorization", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-27899", "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" ], "uuid": "c8b7ebd0-1750-4d19-afd6-1c9f2c152323" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "2.394", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "2.375.4", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "jenkinsci-cert@googlegroups.com", "ID": "CVE-2023-27899" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-863" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823", "refsource": "MISC", "tags": [ "Vendor Advisory" ], "url": "https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9 } }, "lastModifiedDate": "2023-03-16T15:48Z", "publishedDate": "2023-03-10T21:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.