rhsa-2021:5086
Vulnerability from csaf_redhat
Published
2021-12-13 19:26
Modified
2025-03-21 01:00
Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
Notes
Topic
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.9.0 on Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Data Foundation is software-defined storage integrated
with and optimized for the Red Hat OpenShift Container Platform. Red Hat
OpenShift Data Foundation is a highly scalable, production-grade persistent
storage for stateful applications running in the Red Hat OpenShift
Container Platform. In addition to persistent storage, Red Hat OpenShift
Data Foundation provisions a multicloud data management service with an S3
compatible API.
Security Fix(es):
* kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565)
* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)
* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)
* golang: net: lookup functions may return invalid host names (CVE-2021-33195)
* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)
* nodejs-tar: insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)
* nodejs-tar: insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information refer to the CVE
page(s) listed in the References section.
These updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:
https://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.9/html/4.9_release_notes/index
All Red Hat OpenShift Data Foundation users are advised to upgrade to
these updated images, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.9.0 on Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Data Foundation is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. Red Hat\nOpenShift Data Foundation is a highly scalable, production-grade persistent\nstorage for stateful applications running in the Red Hat OpenShift\nContainer Platform. In addition to persistent storage, Red Hat OpenShift\nData Foundation provisions a multicloud data management service with an S3\ncompatible API.\n\nSecurity Fix(es):\n\n* kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (CVE-2020-8565)\n\n* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)\n\n* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)\n\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n\n* nodejs-tar: insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)\n\n* nodejs-tar: insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information refer to the CVE\npage(s) listed in the References section.\n\nThese updated images include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com//documentation/en-us/red_hat_openshift_data_foundation/4.9/html/4.9_release_notes/index\n\nAll Red Hat OpenShift Data Foundation users are advised to upgrade to\nthese updated images, which provide numerous bug fixes and enhancements.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2021:5086", url: "https://access.redhat.com/errata/RHSA-2021:5086", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1810525", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1810525", }, { category: "external", summary: "1853638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1853638", }, { category: "external", summary: "1886638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886638", }, { category: "external", summary: "1890438", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1890438", }, { category: "external", summary: "1890978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1890978", }, { category: "external", summary: "1892709", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1892709", }, { category: "external", summary: "1901954", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1901954", }, { category: "external", summary: "1910790", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1910790", }, { category: "external", summary: "1927782", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1927782", }, { category: "external", summary: "1929242", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1929242", }, { category: "external", summary: "1932396", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1932396", }, { category: "external", summary: "1934625", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1934625", }, { category: "external", summary: "1956285", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1956285", }, { category: "external", summary: "1959793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1959793", }, { category: "external", summary: "1964083", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1964083", }, { category: "external", summary: "1965322", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1965322", }, { category: "external", summary: "1968510", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1968510", }, { category: "external", summary: "1968606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1968606", }, { category: "external", summary: "1969216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1969216", }, { category: "external", summary: "1973256", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1973256", }, { category: "external", summary: "1975272", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1975272", }, { category: "external", summary: "1975581", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1975581", }, { category: "external", summary: "1979244", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1979244", }, { category: "external", summary: "1979502", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1979502", }, { category: "external", summary: "1980818", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1980818", }, { category: "external", summary: "1981331", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1981331", }, { category: "external", summary: "1983596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", }, { category: "external", summary: "1983756", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1983756", }, { category: "external", summary: "1984284", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984284", }, { category: "external", summary: "1984334", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984334", }, { category: "external", summary: "1984396", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984396", }, { category: "external", summary: "1984735", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1984735", }, { category: "external", summary: "1985074", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1985074", }, { category: "external", summary: "1986444", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1986444", }, { category: "external", summary: "1986794", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1986794", }, { category: "external", summary: "1987806", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1987806", }, { category: "external", summary: "1999748", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999748", }, { category: "external", summary: "1988518", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1988518", }, { category: "external", summary: "1989482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989482", }, { category: "external", summary: "1989564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989564", }, { category: "external", summary: "1989570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989570", }, { category: "external", summary: "1989575", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", }, { category: "external", summary: "1990230", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1990230", }, { category: "external", summary: "1990409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1990409", }, { category: "external", summary: "1990415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1990415", }, { category: "external", summary: "1991822", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1991822", }, { category: "external", summary: "1992472", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1992472", }, { category: "external", summary: "1994261", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994261", }, { category: "external", summary: "1994577", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994577", }, { category: "external", summary: "1994584", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994584", }, { category: "external", summary: "1994602", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994602", }, { category: "external", summary: "1999763", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999763", }, { category: "external", summary: "1994606", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994606", }, { category: "external", summary: "1994687", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1994687", }, { category: "external", summary: "1995009", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995009", }, { category: "external", summary: "1995056", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995056", }, { category: "external", summary: "1995271", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995271", }, { category: "external", summary: "1995718", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1995718", }, { category: "external", summary: "1997237", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1997237", }, { category: "external", summary: "1997624", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1997624", }, { category: "external", summary: "1997738", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1997738", }, { category: "external", summary: "1997922", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1997922", }, { category: "external", summary: "1998851", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1998851", }, { category: "external", summary: "1999050", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999050", }, { category: "external", summary: "1999731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999731", }, { category: "external", summary: "1999739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999739", }, { category: "external", summary: "1999767", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999767", }, { category: "external", summary: "2000082", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000082", }, { category: "external", summary: "2000098", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000098", }, { category: "external", summary: "2000143", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000143", }, { category: "external", summary: "2000190", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000190", }, { category: "external", summary: "2000579", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000579", }, { category: "external", summary: "2000588", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000588", }, { category: "external", summary: "2000860", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000860", }, { category: "external", summary: "2000865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2000865", }, { category: "external", summary: "2001482", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001482", }, { category: "external", summary: "2001539", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001539", }, { category: "external", summary: "2001580", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001580", }, { category: "external", summary: "2001970", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2001970", }, { category: "external", summary: "2002225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2002225", }, { category: "external", summary: "2003444", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2003444", }, { category: "external", summary: "2003904", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2003904", }, { category: "external", summary: "2004003", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004003", }, { category: "external", summary: "2004013", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004013", }, { category: "external", summary: "2004030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004030", }, { category: "external", summary: "2004824", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2004824", }, { category: "external", summary: "2005103", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005103", }, { category: "external", summary: "2005290", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005290", }, { category: "external", summary: "2005812", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005812", }, { category: "external", summary: "2005838", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005838", }, { category: "external", summary: "2005843", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005843", }, { category: "external", summary: "2005937", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2005937", }, { category: "external", summary: "2006176", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2006176", }, { category: "external", summary: "2006865", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2006865", }, { category: "external", summary: "2007130", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2007130", }, { category: "external", summary: "2007202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2007202", }, { category: "external", summary: "2007212", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2007212", }, { category: "external", summary: "2007377", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2007377", }, { category: "external", summary: "2007717", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2007717", }, { category: "external", summary: "2010041", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010041", }, { category: "external", summary: "2010185", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010185", }, { category: "external", summary: "2010188", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010188", }, { category: "external", summary: "2010194", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010194", }, { category: "external", summary: "2010202", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2010202", }, { category: "external", summary: "2011225", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2011225", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5086.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update", tracking: { current_release_date: "2025-03-21T01:00:11+00:00", generator: { date: "2025-03-21T01:00:11+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2021:5086", initial_release_date: "2021-12-13T19:26:22+00:00", revision_history: [ { date: "2021-12-13T19:26:22+00:00", number: "1", summary: "Initial version", }, { date: "2021-12-13T19:26:22+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-21T01:00:11+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product: { name: "Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_data_foundation:4.9::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Data Foundation", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", product: { name: "odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", product_id: "odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745?arch=s390x&repository_url=registry.redhat.io/odf4/cephcsi-rhel8&tag=4.9-164.57484e3.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", product: { name: "odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", product_id: "odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", product_identification_helper: { purl: "pkg:oci/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", product: { name: "odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", product_id: "odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", product: { name: "odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", product_id: "odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", product_identification_helper: { purl: "pkg:oci/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c?arch=s390x&repository_url=registry.redhat.io/odf4/ocs-rhel8-operator&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", product: { name: "odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", product_id: "odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", product_identification_helper: { purl: "pkg:oci/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3?arch=s390x&repository_url=registry.redhat.io/odf4/odf-console-rhel8&tag=4.9-39.0f2fa23.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", product_id: "odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product: { name: "odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product_id: "odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb?arch=s390x&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product: { name: "odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product_id: "odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb?arch=s390x&repository_url=registry.redhat.io/odf/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", product: { name: "odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", product_id: "odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220?arch=s390x&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", product: { name: "odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", product_id: "odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", product_identification_helper: { purl: "pkg:oci/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e?arch=s390x&repository_url=registry.redhat.io/odf4/odf-rhel8-operator&tag=4.9-59.c8bbc1f.release_4.9", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", product: { name: "odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", product_id: "odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7?arch=s390x&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", product: { name: "odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", product_id: "odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db?arch=s390x&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", product: { name: "odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", product_id: "odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", product_identification_helper: { purl: "pkg:oci/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1?arch=s390x&repository_url=registry.redhat.io/odf4/odr-rhel8-operator&tag=4.9-27.3d037cc.release_4.9", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", product: { name: "odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", product_id: "odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3?arch=s390x&repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator&tag=4.9-219.c3f67c6.release_4.9", }, }, }, { category: "product_version", name: "odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", product: { name: "odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", product_id: "odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", product_identification_helper: { purl: "pkg:oci/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe?arch=s390x&repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator&tag=4.9-28.82f68db.release_4.9", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", product: { name: "odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", product_id: "odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849?arch=ppc64le&repository_url=registry.redhat.io/odf4/cephcsi-rhel8&tag=4.9-164.57484e3.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", product: { name: "odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", product_id: "odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", product: { name: "odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", product_id: "odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", product: { name: "odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", product_id: "odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", product_identification_helper: { purl: "pkg:oci/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb?arch=ppc64le&repository_url=registry.redhat.io/odf4/ocs-rhel8-operator&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", product: { name: "odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", product_id: "odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-console-rhel8&tag=4.9-39.0f2fa23.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", product_id: "odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product: { name: "odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product_id: "odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product: { name: "odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product_id: "odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039?arch=ppc64le&repository_url=registry.redhat.io/odf/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", product: { name: "odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", product_id: "odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", product: { name: "odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", product_id: "odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", product_identification_helper: { purl: "pkg:oci/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff?arch=ppc64le&repository_url=registry.redhat.io/odf4/odf-rhel8-operator&tag=4.9-59.c8bbc1f.release_4.9", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", product: { name: "odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", product_id: "odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", product: { name: "odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", product_id: "odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", product: { name: "odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", product_id: "odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", product_identification_helper: { purl: "pkg:oci/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb?arch=ppc64le&repository_url=registry.redhat.io/odf4/odr-rhel8-operator&tag=4.9-27.3d037cc.release_4.9", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", product: { name: "odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", product_id: "odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab?arch=ppc64le&repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator&tag=4.9-219.c3f67c6.release_4.9", }, }, }, { category: "product_version", name: "odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", product: { name: "odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", product_id: "odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", product_identification_helper: { purl: "pkg:oci/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927?arch=ppc64le&repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator&tag=4.9-28.82f68db.release_4.9", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", product: { name: "odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", product_id: "odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", product_identification_helper: { purl: "pkg:oci/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95?arch=amd64&repository_url=registry.redhat.io/odf4/cephcsi-rhel8&tag=4.9-164.57484e3.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", product: { name: "odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", product_id: "odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", product_identification_helper: { purl: "pkg:oci/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", product: { name: "odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", product_id: "odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", product_identification_helper: { purl: "pkg:oci/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", product: { name: "odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", product_id: "odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", product_identification_helper: { purl: "pkg:oci/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479?arch=amd64&repository_url=registry.redhat.io/odf4/ocs-rhel8-operator&tag=4.9-257.4181add.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", product: { name: "odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", product_id: "odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", product_identification_helper: { purl: "pkg:oci/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181?arch=amd64&repository_url=registry.redhat.io/odf4/odf-console-rhel8&tag=4.9-39.0f2fa23.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", product: { name: "odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", product_id: "odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product: { name: "odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product_id: "odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d?arch=amd64&repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product: { name: "odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product_id: "odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", product_identification_helper: { purl: "pkg:oci/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d?arch=amd64&repository_url=registry.redhat.io/odf/odf-multicluster-rhel8-operator&tag=4.9-30.007b3d8.release_4.9", }, }, }, { category: "product_version", name: "odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", product: { name: "odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", product_id: "odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", product_identification_helper: { purl: "pkg:oci/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948?arch=amd64&repository_url=registry.redhat.io/odf4/odf-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", product: { name: "odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", product_id: "odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", product_identification_helper: { purl: "pkg:oci/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13?arch=amd64&repository_url=registry.redhat.io/odf4/odf-rhel8-operator&tag=4.9-59.c8bbc1f.release_4.9", }, }, }, { category: "product_version", name: "odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", product: { name: "odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", product_id: "odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", product_identification_helper: { purl: "pkg:oci/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5?arch=amd64&repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", product: { name: "odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", product_id: "odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", product_identification_helper: { purl: "pkg:oci/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16?arch=amd64&repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle&tag=4.9.0-5", }, }, }, { category: "product_version", name: "odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", product: { name: "odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", product_id: "odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", product_identification_helper: { purl: "pkg:oci/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d?arch=amd64&repository_url=registry.redhat.io/odf4/odr-rhel8-operator&tag=4.9-27.3d037cc.release_4.9", }, }, }, { category: "product_version", name: "odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", product: { name: "odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", product_id: "odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", product_identification_helper: { purl: "pkg:oci/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4?arch=amd64&repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator&tag=4.9-219.c3f67c6.release_4.9", }, }, }, { category: "product_version", name: "odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", product: { name: "odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", product_id: "odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", product_identification_helper: { purl: "pkg:oci/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336?arch=amd64&repository_url=registry.redhat.io/odf4/volume-replication-rhel8-operator&tag=4.9-28.82f68db.release_4.9", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", }, product_reference: "odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", }, product_reference: "odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", }, product_reference: "odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", }, product_reference: "odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", }, product_reference: "odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", }, product_reference: "odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", }, product_reference: "odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", }, product_reference: "odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", }, product_reference: "odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", }, product_reference: "odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", }, product_reference: "odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", }, product_reference: "odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", }, product_reference: "odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", }, product_reference: "odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", }, product_reference: "odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", }, product_reference: "odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", }, product_reference: "odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", }, product_reference: "odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", }, product_reference: "odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", }, product_reference: "odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", }, product_reference: "odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", }, product_reference: "odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", }, product_reference: "odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", }, product_reference: "odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", }, product_reference: "odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", }, product_reference: "odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", }, product_reference: "odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", }, product_reference: "odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", }, product_reference: "odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", }, product_reference: "odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", }, product_reference: "odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", }, product_reference: "odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", }, product_reference: "odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", }, product_reference: "odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", }, product_reference: "odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", }, product_reference: "odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64 as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", }, product_reference: "odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", }, product_reference: "odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", relates_to_product_reference: "8Base-RH-ODF-4.9", }, { category: "default_component_of", full_product_name: { name: "odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le as a component of Red Hat OpenShift Data Foundation 4.9 on RHEL-8", product_id: "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", }, product_reference: "odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", relates_to_product_reference: "8Base-RH-ODF-4.9", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "the Kubernetes Product Security Committee", ], }, { names: [ "Patrick Rhomberg", ], organization: "purelyapplied", summary: "Acknowledged by upstream.", }, ], cve: "CVE-2020-8565", cwe: { id: "CWE-117", name: "Improper Output Neutralization for Logs", }, discovery_date: "2020-10-09T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1886638", }, ], notes: [ { category: "description", text: "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.", title: "Vulnerability description", }, { category: "summary", text: "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9", title: "Vulnerability summary", }, { category: "other", text: "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via 'TraceAll'), and is therefore not affected by this vulnerability.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2020-8565", }, { category: "external", summary: "RHBZ#1886638", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1886638", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2020-8565", url: "https://www.cve.org/CVERecord?id=CVE-2020-8565", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2020-8565", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-8565", }, { category: "external", summary: "https://github.com/kubernetes/kubernetes/issues/95623", url: "https://github.com/kubernetes/kubernetes/issues/95623", }, { category: "external", summary: "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk", url: "https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk", }, ], release_date: "2020-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9", }, { cve: "CVE-2021-32803", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2021-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1990415", }, ], notes: [ { category: "description", text: "The npm package \"tar\" (aka node-tar) has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Quay 3.3 uses an affected version of nodejs-tar. However Quay 3.3 is in extended life phase and a fix will not be delivered[1]. More recent versions of Red Hat Quay do not include nodejs-tar and are not affected.\n\n1. https://access.redhat.com/support/policy/updates/rhquay\n\nRed Hat Enterprise Linux version 8 and Red Hat Software Collection both embed node-tar in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32803", }, { category: "external", summary: "RHBZ#1990415", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1990415", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-32803", url: "https://www.cve.org/CVERecord?id=CVE-2021-32803", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32803", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32803", }, { category: "external", summary: "https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw", url: "https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw", }, ], release_date: "2021-08-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite", }, { cve: "CVE-2021-32804", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2021-08-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1990409", }, ], notes: [ { category: "description", text: "The npm package \"tar\" (aka node-tar) has an arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Quay 3.3 uses an affected version of nodejs-tar. However Quay 3.3 is in extended life phase and a fix will not be delivered[1]. More recent versions of Red Hat Quay do not include nodejs-tar and are not affected.\n\n1. https://access.redhat.com/support/policy/updates/rhquay\n\nRed Hat Enterprise Linux version 8 and Red Hat Software Collection both embed node-tar in the npm command. A specially crafted node module could create and overwrite files outside of its dedicated directory.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-32804", }, { category: "external", summary: "RHBZ#1990409", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1990409", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-32804", url: "https://www.cve.org/CVERecord?id=CVE-2021-32804", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-32804", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-32804", }, { category: "external", summary: "https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9", url: "https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9", }, ], release_date: "2021-08-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite", }, { cve: "CVE-2021-33195", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-08-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1989564", }, ], notes: [ { category: "description", text: "A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integrity.", title: "Vulnerability description", }, { category: "summary", text: "golang: net: lookup functions may return invalid host names", title: "Vulnerability summary", }, { category: "other", text: "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-33195", }, { category: "external", summary: "RHBZ#1989564", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989564", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-33195", url: "https://www.cve.org/CVERecord?id=CVE-2021-33195", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-33195", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", url: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", }, ], release_date: "2021-05-18T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net: lookup functions may return invalid host names", }, { cve: "CVE-2021-33197", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-08-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1989570", }, ], notes: [ { category: "description", text: "A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity.", title: "Vulnerability description", }, { category: "summary", text: "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", title: "Vulnerability summary", }, { category: "other", text: "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* For Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the golang-qpid-apache package.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-33197", }, { category: "external", summary: "RHBZ#1989570", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989570", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-33197", url: "https://www.cve.org/CVERecord?id=CVE-2021-33197", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-33197", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", url: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", }, ], release_date: "2021-05-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty", }, { cve: "CVE-2021-33198", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-08-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1989575", }, ], notes: [ { category: "description", text: "A flaw was found in Go, where it attempts to allocate excessive memory. This issue may cause panic or unrecoverable fatal error if passed inputs with very large exponents. The highest threat from this vulnerability is to system availability.", title: "Vulnerability description", }, { category: "summary", text: "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", title: "Vulnerability summary", }, { category: "other", text: "* Since OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* In Service Telemetry Framework, because the flaw has a lower impact and the package is not directly used by STF, no updates will be provided at this time for the STF containers.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-33198", }, { category: "external", summary: "RHBZ#1989575", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-33198", url: "https://www.cve.org/CVERecord?id=CVE-2021-33198", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-33198", }, { category: "external", summary: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", url: "https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI", }, ], release_date: "2021-03-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents", }, { cve: "CVE-2021-34558", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-07-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1983596", }, ], notes: [ { category: "description", text: "A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected.", title: "Vulnerability description", }, { category: "summary", text: "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", title: "Vulnerability summary", }, { category: "other", text: "* This vulnerability potentially affects any component written in Go that uses crypto/tls from the standard library. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n - OpenShift Container Platform\n - OpenShift distributed tracing (formerly OpenShift Jaeger)\n - OpenShift Migration Toolkit for Containers\n - Red Hat Advanced Cluster Management for Kubernetes\n - Red Hat OpenShift on AWS\n - Red Hat OpenShift Virtualization\n\n* Because OpenShift Container Platform 3.11 is in Maintenance Phase of the support, only Important and Critical severity vulnerabilities will be addressed at this time.\n\n* Because Service Telemetry Framework1.2 will be retiring soon and the flaw's impact is lower, no update will be provided at this time for STF1.2's containers.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-34558", }, { category: "external", summary: "RHBZ#1983596", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-34558", url: "https://www.cve.org/CVERecord?id=CVE-2021-34558", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-34558", }, { category: "external", summary: "https://golang.org/doc/devel/release#go1.15.minor", url: "https://golang.org/doc/devel/release#go1.15.minor", }, { category: "external", summary: "https://golang.org/doc/devel/release#go1.16.minor", url: "https://golang.org/doc/devel/release#go1.16.minor", }, ], release_date: "2021-07-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "golang: crypto/tls: certificate of wrong type is causing TLS client to panic", }, { cve: "CVE-2021-37701", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2021-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1999731", }, ], notes: [ { category: "description", text: "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories. This flaw allows an untrusted tar file to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems. The highest threat from this vulnerability is to integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37701", }, { category: "external", summary: "RHBZ#1999731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37701", url: "https://www.cve.org/CVERecord?id=CVE-2021-37701", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37701", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37701", }, { category: "external", summary: "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc", url: "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc", }, { category: "external", summary: "https://www.npmjs.com/advisories/1779", url: "https://www.npmjs.com/advisories/1779", }, ], release_date: "2021-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", }, { cve: "CVE-2021-37712", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2021-08-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "1999739", }, ], notes: [ { category: "description", text: "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an untrusted tar file to extract and overwrite files into an arbitrary location. The highest threat from this vulnerability is to integrity and system availability.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", title: "Vulnerability summary", }, { category: "other", text: "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-37712", }, { category: "external", summary: "RHBZ#1999739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1999739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-37712", url: "https://www.cve.org/CVERecord?id=CVE-2021-37712", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-37712", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-37712", }, { category: "external", summary: "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p", url: "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p", }, { category: "external", summary: "https://www.npmjs.com/advisories/1780", url: "https://www.npmjs.com/advisories/1780", }, ], release_date: "2021-08-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2021-12-13T19:26:22+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2021:5086", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:6bb536ff91903016dcce91fcf6df30286321b7a415bcca68d22ca0a283406745_s390x", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:7c3beaacde875028141485219de5c780c3c30b146bcc533dfe1eb6c562a65b95_amd64", "8Base-RH-ODF-4.9:odf4/cephcsi-rhel8@sha256:f3b19e5732308b4d40f1b605169ac3f15a03194cb4dd47819ef073f36a0d1849_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:38d08ac83d988cda406d8cc6c2209ece706e125da07e202996f606c22c914349_s390x", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b0211a2fdad8d5e6fdefeece952aa9c51598b74d74a12d5adec4bed4e2783b2d_amd64", "8Base-RH-ODF-4.9:odf4/ocs-must-gather-rhel8@sha256:b1b008efb550c5fce0797378d96bb191a0c28aa15e813d759786e663fabb0274_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:19baeee4a9db7519f1b88a885034be1e35423f34854323ac4a1b0e88e881bc3f_amd64", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:7507787d2c8f920c718c15b93e9c24f7edf8047a24c7c0c2024d70915d7ff1d2_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-operator-bundle@sha256:af844ee09da74a2bf95779de502b683982cfb54227f196f24ef07221af5ec9d8_s390x", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:1fe31ad232d5ffc1eb202db0f83eb882eeca1bde83ba282fe412485c5b2bc479_amd64", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:355c50572c534973734eaeb171375bae9e0342504942b28585f5498829ae8aeb_ppc64le", "8Base-RH-ODF-4.9:odf4/ocs-rhel8-operator@sha256:b02b6d2cd44672787e0fa5569074c4a8cdcc6fde0206fe01ef6d9d70a6385d0c_s390x", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:02777f2cd36c40d5c09a28116e24c1c7a8ee0c6030d680281e042d08e1fd61f6_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:71724ee7baa629a98b4bf979e232dd128a313a2fa1eb4156c5b69593c99ec181_amd64", "8Base-RH-ODF-4.9:odf4/odf-console-rhel8@sha256:fd1659e10e099871d6a956bb26c3c17ed9a9bccc5ed90768514be8b0dcc34ff3_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:5a3e1458b856d295ba8fa9d075845d2524c6130d60db07b85cce99f5719a014f_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:b66338b35316b95d01fc30a207fd80227c2cb0cbc06ee516230dbb4e2c2e369e_s390x", "8Base-RH-ODF-4.9:odf4/odf-multicluster-operator-bundle@sha256:ee9641382dcfccd9db92c66bab549c0b44a218572e40011c2e22b651d4ff64af_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:17be1d705d7339f6e5f10d77c065c7a876c248c0913f625754443e58279c5039_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:446de9c6969efa219fd09aca97e8f1d34a18aa5a1553cad93ea03d1c99d75e9d_amd64", "8Base-RH-ODF-4.9:odf4/odf-multicluster-rhel8-operator@sha256:80c5ca69a4a153fe862d2edc12910131b9edaf3dd4ad544c2a30d1e363bf4bdb_s390x", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:2231fc5ebf70c6165947bdc31f95b6deaa69f1efbd6c6194b457e2ad7bb10948_amd64", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:5d47bf5c8aaadc387d2bde705cfc3238436bd29547139e6ce82bb3c9512da7f4_ppc64le", "8Base-RH-ODF-4.9:odf4/odf-operator-bundle@sha256:f51b12d4d34949b0932386e26af1c33db240d95a3e20b0ccdb469e4596124220_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:43679e013dacc86f5d181455fd533bc32a1d1b48e8cd2b0a88905c941127c09e_s390x", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:bbfcc2e62edb26b19578242800bf654cd74efbb33ff81273d62e207deff15c13_amd64", "8Base-RH-ODF-4.9:odf4/odf-rhel8-operator@sha256:ec0bd017c0ee777a3347c5fa83417fbb9f7d9e69fed7d6091b2e9a87dbaa9bff_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:5154833553993db3075424d9d0799548b0031123811832004d876c307becd6c7_s390x", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:95f7e6d4b0bfbbebd6f88b6a38e44e617d43bb2c10d473faa581fc235bdb7048_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-cluster-operator-bundle@sha256:f936b221644cebeea79a937c03261911fd2cc2181adcfc9381b2bd3890bb00d5_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:088270d599e6b65a321c2267057c655acad9e7df8baf2066c6da128d85479a16_amd64", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:0cfd5566150cd039abf04aaaa52cb95e86bc2e1044c64a58c4a5cd372f415c94_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-hub-operator-bundle@sha256:972d770ad4d54dd8663a715b81112c84ebf29ef4724190ffb440608c5fb665db_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:49df4d5554221b8aea998b9e06a24c01735d17c488aee4cbaf084bc0fedc5fcb_ppc64le", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:d9485425d2ce02a7279f7fb8e857f070f0fec7753f1219824e5988a5f14023e1_s390x", "8Base-RH-ODF-4.9:odf4/odr-rhel8-operator@sha256:ed5f3964c9c2e4e9e1da1b5759f7abbdc8f7139ee3d3c7984aca2491bde23b2d_amd64", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:0108cf6fabd19895a2be1b0a7cf0a33892a720d2b480b97e689100973f3d08ab_ppc64le", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:063bf4439fe8f803a21bc3c30e7afc8d9cfa7959a4635223ad176a1d9d1083b3_s390x", "8Base-RH-ODF-4.9:odf4/rook-ceph-rhel8-operator@sha256:edcab10440eebf3ea2732e1d345de9da8e598d3871e4ebf13d8b9cde7186f0b4_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:4fdaa73a9dc52c03407b845759f5bfa42289cbfcc62f23a000e1200399ff1336_amd64", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:536340adaaa6ff74a0305cc350b85d92fdfc36c30012d7875c7527c672b14ebe_s390x", "8Base-RH-ODF-4.9:odf4/volume-replication-rhel8-operator@sha256:62e9c97030fc7ab33e36f2d76f9a566f015498c80ab0b8a6e9b5b02ab6895927_ppc64le", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.