RHSA-2020_5605
Vulnerability from csaf_redhat - Published: 2020-12-17 19:42 - Updated: 2024-12-17 21:12Summary
Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update
Severity
Moderate
Notes
Topic: Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.
These updated images include numerous security fixes, bug fixes, and enhancements.
Security Fix(es):
* nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)
* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)
* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Users are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index
All Red Hat OpenShift Container Storage users are advised to upgrade to
these updated images.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in nodejs-node-forge. A Prototype Pollution via the util.setPath function is possible.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:5605
A flaw was found in nodejs-json-bigint. A Prototype pollution in json-bigint npm may lead to a denial-of-service (DoS) attack.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:5605
A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:5605
A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.
5.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:5605
A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:5605
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift Container Storage 4.6.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API.\n\nThese updated images include numerous security fixes, bug fixes, and enhancements. \n\nSecurity Fix(es):\n\n* nodejs-node-forge: prototype pollution via the util.setPath function (CVE-2020-7720)\n\n* nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS (CVE-2020-8237)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nUsers are directed to the Red Hat OpenShift Container Storage Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/4.6_release_notes/index\n\nAll Red Hat OpenShift Container Storage users are advised to upgrade to\nthese updated images.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:5605",
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1806266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806266"
},
{
"category": "external",
"summary": "1813506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813506"
},
{
"category": "external",
"summary": "1817438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817438"
},
{
"category": "external",
"summary": "1817850",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817850"
},
{
"category": "external",
"summary": "1827157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1827157"
},
{
"category": "external",
"summary": "1829055",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1829055"
},
{
"category": "external",
"summary": "1833153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833153"
},
{
"category": "external",
"summary": "1836299",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836299"
},
{
"category": "external",
"summary": "1842254",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842254"
},
{
"category": "external",
"summary": "1845976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1845976"
},
{
"category": "external",
"summary": "1849771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849771"
},
{
"category": "external",
"summary": "1853652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
},
{
"category": "external",
"summary": "1854500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854500"
},
{
"category": "external",
"summary": "1854501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854501"
},
{
"category": "external",
"summary": "1854503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854503"
},
{
"category": "external",
"summary": "1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "1858195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1858195"
},
{
"category": "external",
"summary": "1859183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859183"
},
{
"category": "external",
"summary": "1859229",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859229"
},
{
"category": "external",
"summary": "1859478",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1859478"
},
{
"category": "external",
"summary": "1860022",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860022"
},
{
"category": "external",
"summary": "1860034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860034"
},
{
"category": "external",
"summary": "1860670",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860670"
},
{
"category": "external",
"summary": "1860848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860848"
},
{
"category": "external",
"summary": "1861780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861780"
},
{
"category": "external",
"summary": "1865938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1865938"
},
{
"category": "external",
"summary": "1867024",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867024"
},
{
"category": "external",
"summary": "1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "1868060",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868060"
},
{
"category": "external",
"summary": "1868703",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868703"
},
{
"category": "external",
"summary": "1869411",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869411"
},
{
"category": "external",
"summary": "1870061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870061"
},
{
"category": "external",
"summary": "1870338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870338"
},
{
"category": "external",
"summary": "1870631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1870631"
},
{
"category": "external",
"summary": "1872119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872119"
},
{
"category": "external",
"summary": "1872696",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872696"
},
{
"category": "external",
"summary": "1873864",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873864"
},
{
"category": "external",
"summary": "1874606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874606"
},
{
"category": "external",
"summary": "1875476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1875476"
},
{
"category": "external",
"summary": "1877339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877339"
},
{
"category": "external",
"summary": "1877371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877371"
},
{
"category": "external",
"summary": "1878153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878153"
},
{
"category": "external",
"summary": "1878714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878714"
},
{
"category": "external",
"summary": "1878853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878853"
},
{
"category": "external",
"summary": "1879008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879008"
},
{
"category": "external",
"summary": "1879072",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879072"
},
{
"category": "external",
"summary": "1879919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879919"
},
{
"category": "external",
"summary": "1880255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880255"
},
{
"category": "external",
"summary": "1881028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881028"
},
{
"category": "external",
"summary": "1881071",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881071"
},
{
"category": "external",
"summary": "1882397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882397"
},
{
"category": "external",
"summary": "1883253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883253"
},
{
"category": "external",
"summary": "1883398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883398"
},
{
"category": "external",
"summary": "1883767",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883767"
},
{
"category": "external",
"summary": "1883810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883810"
},
{
"category": "external",
"summary": "1883927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883927"
},
{
"category": "external",
"summary": "1885175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885175"
},
{
"category": "external",
"summary": "1885428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885428"
},
{
"category": "external",
"summary": "1885648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885648"
},
{
"category": "external",
"summary": "1885971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885971"
},
{
"category": "external",
"summary": "1886308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886308"
},
{
"category": "external",
"summary": "1886348",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886348"
},
{
"category": "external",
"summary": "1886551",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886551"
},
{
"category": "external",
"summary": "1886709",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886709"
},
{
"category": "external",
"summary": "1886859",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886859"
},
{
"category": "external",
"summary": "1886873",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886873"
},
{
"category": "external",
"summary": "1888583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888583"
},
{
"category": "external",
"summary": "1888593",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888593"
},
{
"category": "external",
"summary": "1888614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888614"
},
{
"category": "external",
"summary": "1889441",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889441"
},
{
"category": "external",
"summary": "1889683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889683"
},
{
"category": "external",
"summary": "1889866",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889866"
},
{
"category": "external",
"summary": "1890183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890183"
},
{
"category": "external",
"summary": "1890638",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890638"
},
{
"category": "external",
"summary": "1890971",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890971"
},
{
"category": "external",
"summary": "1891856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891856"
},
{
"category": "external",
"summary": "1892206",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892206"
},
{
"category": "external",
"summary": "1892234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892234"
},
{
"category": "external",
"summary": "1893624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893624"
},
{
"category": "external",
"summary": "1893691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893691"
},
{
"category": "external",
"summary": "1893714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893714"
},
{
"category": "external",
"summary": "1895402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1895402"
},
{
"category": "external",
"summary": "1896298",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896298"
},
{
"category": "external",
"summary": "1896831",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896831"
},
{
"category": "external",
"summary": "1898521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898521"
},
{
"category": "external",
"summary": "1902627",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902627"
},
{
"category": "external",
"summary": "1904171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1904171"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5605.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update",
"tracking": {
"current_release_date": "2024-12-17T21:12:52+00:00",
"generator": {
"date": "2024-12-17T21:12:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2020:5605",
"initial_release_date": "2020-12-17T19:42:16+00:00",
"revision_history": [
{
"date": "2020-12-17T19:42:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-12-17T19:42:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-17T21:12:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product": {
"name": "Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_container_storage:4.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Container Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"product_id": "ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.6-52.49cf5efdd.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"product_id": "ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.6.0-38.31e0c3c7b.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"product_id": "ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.6.0-39.2279a46.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"product_id": "ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.6.0-7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"product_id": "ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba?arch=s390x\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.6-80.1ae5ac6a.release_4.6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"product_id": "ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.6-52.49cf5efdd.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"product_id": "ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.6.0-38.31e0c3c7b.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"product_id": "ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.6.0-39.2279a46.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"product_id": "ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.6.0-7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"product_id": "ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1?arch=amd64\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.6-80.1ae5ac6a.release_4.6"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"product": {
"name": "ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"product_id": "ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/cephcsi-rhel8\u0026tag=4.6-52.49cf5efdd.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"product": {
"name": "ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"product_id": "ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-core-rhel8\u0026tag=5.6.0-38.31e0c3c7b.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"product": {
"name": "ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"product_id": "ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/mcg-rhel8-operator\u0026tag=5.6.0-39.2279a46.5.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"product": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"product_id": "ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-must-gather-rhel8\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"product": {
"name": "ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"product_id": "ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-operator-bundle\u0026tag=4.6.0-7"
}
}
},
{
"category": "product_version",
"name": "ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"product": {
"name": "ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"product_id": "ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/ocs-rhel8-operator\u0026tag=4.6-76.0811c33c.release_4.6"
}
}
},
{
"category": "product_version",
"name": "ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"product": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"product_id": "ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1?arch=ppc64le\u0026repository_url=registry.redhat.io/ocs4/rook-ceph-rhel8-operator\u0026tag=4.6-80.1ae5ac6a.release_4.6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x"
},
"product_reference": "ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le"
},
"product_reference": "ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64"
},
"product_reference": "ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le"
},
"product_reference": "ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
},
"product_reference": "ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le"
},
"product_reference": "ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64 as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x as a component of Red Hat OpenShift Container Storage 4.6 on RHEL-8",
"product_id": "8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
},
"product_reference": "ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x",
"relates_to_product_reference": "8Base-RH-OCS-4.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7720",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1874606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-node-forge. A Prototype Pollution via the util.setPath function is possible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-node-forge: prototype pollution via the util.setPath function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openshift Container Storage 4 the noobaa-core container includes the affected version of node-forge as a dependency of google-p12-pem, however the vulnerable function `util.setPath` is not being used and hence this issue has been rated as having a security impact of Low.\n\nIn OpenShift Container Platform (OCP) the prometheus container is behind OpenShift OAuth restricting access to the vulnerable node-forge library to authenticated users only, therefore the impact is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-7720"
},
{
"category": "external",
"summary": "RHBZ#1874606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1874606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7720"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677",
"url": "https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677"
}
],
"release_date": "2020-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-17T19:42:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-node-forge: prototype pollution via the util.setPath function"
},
{
"cve": "CVE-2020-8237",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2020-09-19T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1881028"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-json-bigint. A Prototype pollution in json-bigint npm may lead to a denial-of-service (DoS) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In Red Hat Openshift Container Storage 4 the noobaa-core container includes the affected version of json-bigint as a dependency of googleapis, however the json-bigint library is not being used and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le"
],
"known_not_affected": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-8237"
},
{
"category": "external",
"summary": "RHBZ#1881028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-8237",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8237"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8237",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8237"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/916430",
"url": "https://hackerone.com/reports/916430"
}
],
"release_date": "2020-08-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-17T19:42:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS"
},
{
"cve": "CVE-2020-14040",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1853652"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was found in the golang.org/x/text library. A library or application must use one of the vulnerable functions, such as unicode.Transform, transform.String, or transform.Byte, to be susceptible to this vulnerability. If an attacker is able to supply specific characters or strings to the vulnerable application, there is the potential to cause an infinite loop to occur using more memory, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "* OpenShift ServiceMesh (OSSM) 1.0 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Jaeger was packaged with ServiceMesh in 1.0, and hence is also marked OOSS, but the Jaeger-Operator is a standalone product and is affected by this vulnerability.\n\n* Because Service Telemetry Framework does not directly use unicode.UTF16, no update will be provided at this time for STF\u0027s sg-core-container.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-14040"
},
{
"category": "external",
"summary": "RHBZ#1853652",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853652"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14040"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/39491",
"url": "https://github.com/golang/go/issues/39491"
},
{
"category": "external",
"summary": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0",
"url": "https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0"
}
],
"release_date": "2020-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-17T19:42:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash"
},
{
"cve": "CVE-2020-15586",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2020-07-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1856953"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-15586"
},
{
"category": "external",
"summary": "RHBZ#1856953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ"
}
],
"release_date": "2020-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-17T19:42:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS"
},
{
"cve": "CVE-2020-16845",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2020-08-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1867099"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"known_not_affected": [
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-16845"
},
{
"category": "external",
"summary": "RHBZ#1867099",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo",
"url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
}
],
"release_date": "2020-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-12-17T19:42:16+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:5605"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:492c9108e48616af210528103f20194ef29fa4cd8d9763c94d96b6f265e4469e_amd64",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:c16704fcd90730c2fb0d8de17dd88c8439167d0b05609fccacde179878941b4d_ppc64le",
"8Base-RH-OCS-4.6:ocs4/cephcsi-rhel8@sha256:cd06aed28dac2e6bfe353648f87ac36a1c026ce7a19c354641de52a88fabe634_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:228facfd8d353ab64a8752579b3f9a6fd0cc00b684a48de8ba4a93a41f12ae25_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:6c553f9b1826b20d599a85e336cc37ab7ea968016421f387b50f3fa0b2619d16_amd64",
"8Base-RH-OCS-4.6:ocs4/mcg-core-rhel8@sha256:de77acd77b0d96e98cade06428f562018d975204c439d1f9eb5fa861da95dd0b_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:7959ba718b188efd0148f75f53cf5f44c78c930dd9d42e1d956e24c626ea2750_ppc64le",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:9f0961dd0244e87ee0ac84b4c0e6429587ae4f9693f4d2eccb2aea8bfbb5c976_s390x",
"8Base-RH-OCS-4.6:ocs4/mcg-rhel8-operator@sha256:ce2193663c4a7f745297f8ffe31a5928fa4897094a33af62f0baeb5cbc16f93f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:0d5d1bd9b22e36f2631798d0de425a2d9d2733089d1236f64187e6d6b2dc8f70_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:3b6e4a5ef4f5d7d4337914aea48c763ff880b69bfc7d38c58f89df971bb5ae08_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-must-gather-rhel8@sha256:fc8f005b12eff3ffcf98c8af6990a751140c006809c1e98a55b50a56834566c2_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:07b8cf8f427b8012fb06f25ae6b9c914ee5afa854a12d025b027ab45a66f03dc_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:793af66664c7f9258db7b76da07d1f4359cfd00267e7b30b6e286f56fa107c9c_ppc64le",
"8Base-RH-OCS-4.6:ocs4/ocs-operator-bundle@sha256:863bdc2ff0e0f453db71c06996571563b662c33d711481ef9447f7b599d653b4_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:3d3974fa0859d2515876eff3536cc02b6f38edc54f3abf95cf6d89eff15e9c03_s390x",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:672dc6d72efceb4028b8d9d5797c294d4e29cab89d1c3252fd8f67d5e695039f_amd64",
"8Base-RH-OCS-4.6:ocs4/ocs-rhel8-operator@sha256:9b31ac173c178cb1fd1615d203a734d1b1ba167ef9fad4f6385fda165a3ab010_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:24fdccaa3e922e377ab4afc5e9f1688ab9b6ad62d4f67c3d8f9eb514d57e71d1_amd64",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:4ad4f6e105496f0cb6e5153bdcc67af0b580e5edd894d2481d8c8d3fe7a8a7c1_ppc64le",
"8Base-RH-OCS-4.6:ocs4/rook-ceph-rhel8-operator@sha256:88236806d818e3f32137ea71824133b4373829325e82ba23e0fe2f199850a3ba_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…