rhba-2023_3300
Vulnerability from csaf_redhat
Published
2023-05-24 18:51
Modified
2024-11-05 16:02
Summary
Red Hat Bug Fix Advisory: Release of Bug Advisories for the Jenkins image and Jenkins agent base image

Notes

Topic
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image
Details
Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of Bug Advisories for the OpenShift Jenkins image and Jenkins agent base image",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2023:3300",
        "url": "https://access.redhat.com/errata/RHBA-2023:3300"
      },
      {
        "category": "external",
        "summary": "https://docs.openshift.com/container-platform/4.12/cicd/jenkins/important-changes-to-openshift-jenkins-images.html",
        "url": "https://docs.openshift.com/container-platform/4.12/cicd/jenkins/important-changes-to-openshift-jenkins-images.html"
      },
      {
        "category": "external",
        "summary": "OCPBUGS-10976",
        "url": "https://issues.redhat.com/browse/OCPBUGS-10976"
      },
      {
        "category": "external",
        "summary": "OCPBUGS-11348",
        "url": "https://issues.redhat.com/browse/OCPBUGS-11348"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_3300.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: Release of Bug Advisories for the Jenkins image and Jenkins agent base image",
    "tracking": {
      "current_release_date": "2024-11-05T16:02:40+00:00",
      "generator": {
        "date": "2024-11-05T16:02:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHBA-2023:3300",
      "initial_release_date": "2023-05-24T18:51:56+00:00",
      "revision_history": [
        {
          "date": "2023-05-24T18:51:56+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-05-24T18:51:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T16:02:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Developer Tools and Services for OCP 4.12",
                "product": {
                  "name": "OpenShift Developer Tools and Services for OCP 4.12",
                  "product_id": "8Base-OCP-Tools-4.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ocp_tools:4.12::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift Jenkins"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
                "product": {
                  "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
                  "product_id": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8\u0026tag=v4.12.0-1683009711"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le",
                "product": {
                  "name": "ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le",
                  "product_id": "ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f?arch=ppc64le\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-rhel8\u0026tag=v4.12.0-1683010621"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
                "product": {
                  "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
                  "product_id": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8\u0026tag=v4.12.0-1683009711"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
                "product": {
                  "name": "ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
                  "product_id": "ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c?arch=amd64\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-rhel8\u0026tag=v4.12.0-1683010621"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
                "product": {
                  "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
                  "product_id": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8\u0026tag=v4.12.0-1683009711"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
                "product": {
                  "name": "ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
                  "product_id": "ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800?arch=s390x\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-rhel8\u0026tag=v4.12.0-1683010621"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
                "product": {
                  "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
                  "product_id": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-agent-base-rhel8\u0026tag=v4.12.0-1683009711"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
                "product": {
                  "name": "ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
                  "product_id": "ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9?arch=arm64\u0026repository_url=registry.redhat.io/ocp-tools-4/jenkins-rhel8\u0026tag=v4.12.0-1683010621"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x"
        },
        "product_reference": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64"
        },
        "product_reference": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le"
        },
        "product_reference": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64"
        },
        "product_reference": "ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64"
        },
        "product_reference": "ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64"
        },
        "product_reference": "ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x"
        },
        "product_reference": "ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.12",
          "product_id": "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le"
        },
        "product_reference": "ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le",
        "relates_to_product_reference": "8Base-OCP-Tools-4.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41854",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2151988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dev-java/snakeyaml: DoS via stack overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
          "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "RHBZ#2151988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
        }
      ],
      "release_date": "2022-11-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-05-24T18:51:56+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2023:3300"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x",
            "8Base-OCP-Tools-4.12:ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dev-java/snakeyaml: DoS via stack overflow"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.