rhsa-2021_2865
Vulnerability from csaf_redhat
Published
2021-07-22 15:14
Modified
2024-11-05 23:48
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
Security Fix(es):
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733)
* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Foreman integration, which allows you to provision bare metal hosts from the Administration Portal using Foreman and then add them to the Manager, was deprecated in oVirt 4.4.6 / RHV 4.4.6 and removed completely in oVirt 4.4.7 / RHV 4.4.7.
Similar functionality to provision bare metal hosts can be achieved by using Foreman directly and then adding the already provisioned host through the Administration Portal or the REST API. (BZ#1901011)
* Adding a message banner to the web administration welcome page is straightforward using custom branding that only contains a preamble section.
An example of preamble branding is given here: https://bugzilla.redhat.com/attachment.cgi?id=1783329.
In an engine upgrade, the custom preamble brand remains in place and will work without issue.
After an engine backup and subsequent restore, the custom preamble branding needs to be manually restored or reinstalled and then verified. (BZ#1804774)
* The column name threads_per_core in the Red Hat Virtualization Manager Dashboard is being deprecated, and will be removed in a future release.
In version 4.4.7.2 the column name for threads_per_core will be changed to number_of_threads.
In the Data Warehouse, the old name will be retained as an additional alias, resulting in 2 columns providing the same data: number_of_threads and threads_per_core. The threads_per_core column will be removed in a future version. (BZ#1896359)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The ovirt-engine package provides the manager for virtualization environments.\nThis manager enables admins to define hosts and networks, as well as to add\nstorage, create VMs and manage user permissions.\n\nSecurity Fix(es):\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ua-parser-js: Regular expression denial of service via the regex (CVE-2020-7733)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Foreman integration, which allows you to provision bare metal hosts from the Administration Portal using Foreman and then added to the Manager, was deprecated in oVirt 4.4.6 / RHV 4.4.6 and removed completely in oVirt 4.4.7 / RHV 4.4.7.\n\nSimilar functionality to provision bare metal hosts can be achieved using Foreman directly and adding an already provisioned host using the 
Administration Portal or the REST API. (BZ#1901011)\n\n* Adding a message banner to the web administration welcome page is straight forward using custom branding that only contains a preamble section. \nAn example of preamble branding is given here: https://bugzilla.redhat.com/attachment.cgi?id=1783329.\n\nIn an engine upgrade, the custom preamble brand remains in place and will work without issue.\n\nDuring engine backup and subsequent restore, on engine restore the custom preamble branding needs to be manually restored/reinstalled and verified. (BZ#1804774)\n\n* The column name threads_per_core in the Red hat Virtualization manager Dashboard is being deprecated, and will be removed in a future release.\nIn version 4.4.7.2 the column name for threads_per_core will be changed to number_of_threads.\nIn the Data Warehouse, the old name will be retained as an additional alias, resulting in 2 columns providing the same data: number_of_threads and threads_per_core, and threads_per_core will be removed in a future version. (BZ#1896359)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2865", "url": "https://access.redhat.com/errata/RHSA-2021:2865" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1752996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752996" }, { "category": "external", "summary": "1765644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765644" }, { "category": "external", "summary": "1779983", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1779983" }, { "category": "external", "summary": "1804774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804774" }, { "category": "external", "summary": "1817346", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817346" }, { "category": "external", "summary": "1877478", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877478" }, { "category": "external", "summary": "1879733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879733" }, { "category": "external", "summary": "1887434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887434" }, { "category": "external", "summary": "1888354", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1888354" }, { "category": "external", "summary": "1896359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896359" }, { "category": "external", "summary": "1901011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901011" }, { "category": "external", 
"summary": "1902179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902179" }, { "category": "external", "summary": "1937714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937714" }, { "category": "external", "summary": "1939198", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939198" }, { "category": "external", "summary": "1941581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941581" }, { "category": "external", "summary": "1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "1946876", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946876" }, { "category": "external", "summary": "1951579", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951579" }, { "category": "external", "summary": "1954878", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954878" }, { "category": "external", "summary": "1955582", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955582" }, { "category": "external", "summary": "1956818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956818" }, { "category": "external", "summary": "1960968", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960968" }, { "category": "external", "summary": "1961338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961338" }, { "category": "external", "summary": "1967169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1967169" }, { "category": "external", "summary": "1970718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970718" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2865.json" } ], "title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]", "tracking": { "current_release_date": "2024-11-05T23:48:39+00:00", "generator": { "date": 
"2024-11-05T23:48:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:2865", "initial_release_date": "2021-07-22T15:14:23+00:00", "revision_history": [ { "date": "2021-07-22T15:14:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-07-22T15:14:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:48:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product": { "name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8" } } } ], "category": "product_family", "name": "Red Hat Virtualization" }, { "branches": [ { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.4-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product_id": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.10-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product_id": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.9-1.el8ev?arch=src" } } }, { "category": "product_version", 
"name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product_id": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.7-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product_id": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.7.0-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product_id": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.7.3-1.el8ev?arch=src" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product_id": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.7.6-0.11.el8ev?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap@1.4.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product_id": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/ovirt-engine-extension-aaa-ldap-setup@1.4.4-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product_id": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.10-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product_id": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.4.9-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product_id": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.2.7-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product_id": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-web-ui@1.7.0-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product_id": 
"ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product": { "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product_id": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.4.7.3-1.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-backend@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { 
"category": "product_version", "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product": { 
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { 
"category": "product_version", "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product": { "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.4.7.6-0.11.el8ev?arch=noarch" } } }, { "category": "product_version", "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", 
"product": { "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "product_id": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhvm@4.4.7.6-0.11.el8ev?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src" }, "product_reference": "ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch 
as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src" }, "product_reference": "ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch" }, "product_reference": "ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src" }, "product_reference": "ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch" }, "product_reference": "ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", 
"relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red 
Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": 
"ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch" }, "product_reference": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" }, "product_reference": "ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", 
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch" }, "product_reference": "ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "ovirt-web-ui-0:1.7.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src" }, "product_reference": "ovirt-web-ui-0:1.7.0-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": 
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src" }, "product_reference": "rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-0:4.4.7.6-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch" }, "product_reference": "rhvm-0:4.4.7.6-0.11.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch" }, "product_reference": "rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "relates_to_product_reference": "8Base-RHV-S-4.4" }, { "category": "default_component_of", "full_product_name": { "name": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4", "product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" }, "product_reference": "rhvm-branding-rhv-0:4.4.9-1.el8ev.src", "relates_to_product_reference": "8Base-RHV-S-4.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7733", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-09-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": 
"Red Hat Bugzilla ID", "text": "1879733" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: Regular expression denial of service via the regex", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform 4 delivers the kibana package where the ua-parser-js library is bundled, but during the update to container first (to openshift4/ose-logging-kibana6) the dependency was removed and hence kibana package is marked as wontfix. This may be fixed in the future.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", 
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7733" }, { "category": "external", "summary": "RHBZ#1879733", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1879733" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7733", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7733" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7733", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7733" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226", "url": "https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226" } ], "release_date": "2020-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-ua-parser-js: Regular expression denial of service via the regex" }, { "cve": "CVE-2020-28469", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-04-01T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ 
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1945459" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-glob-parent: Regular expression denial of service", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. 
This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM)\n - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n - OpenShift distributed tracing", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28469" }, { "category": "external", "summary": "RHBZ#1945459", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905", "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905" } ], "release_date": "2021-01-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to 
apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-glob-parent: Regular expression denial of service" }, { "cve": "CVE-2021-23343", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-05-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", 
"8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956818" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-path-parse. 
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe", "title": "Vulnerability summary" }, { "category": "other", "text": "In Red Hat Quay, whilst a vulnerable version of `path-parse` is included in the quay-rhel8 container it is a development dependency only, hence the impact by this vulnerability is low.\n\nIn OpenShift Container Platform (OCP), the hadoop component which is a part of the OCP metering stack, ships the vulnerable version of \u0027path-parse\u0027.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected component is marked as wontfix.\nThis may be fixed in the future.\n\nIn Red Hat OpenShift Container Storage 4 the noobaa-core container includes the affected version of `path-parse`, however the vulnerable functionality is currently not used in any part of the product.\n\nIn Red Hat Virtualization cockpit-ovirt, ovirt-engine-ui-extensions and ovirt-web-ui use a vulnerable version of `path-parse`, however for cockpit-ovirt it is a development time dependency only, and for ovirt-engine-ui-extensions and ovirt-web-ui the vulnerable functions are never used.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23343" }, { "category": "external", "summary": "RHBZ#1956818", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956818" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23343", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23343" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23343", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23343" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067", "url": "https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067" } ], "release_date": "2021-05-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe" }, { "cve": "CVE-2021-23358", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-03-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1944286" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-underscore: Arbitrary code execution via the template function", "title": "Vulnerability summary" }, { "category": "other", "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "known_not_affected": [ "8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-0:4.4.7.6-0.11.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.4.7.3-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.4.7.3-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-0:1.4.4-1.el8ev.src", "8Base-RHV-S-4.4:ovirt-engine-extension-aaa-ldap-setup-0:1.4.4-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-web-ui-0:1.7.0-1.el8ev.src", 
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.noarch", "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.10-1.el8ev.src", "8Base-RHV-S-4.4:rhvm-0:4.4.7.6-0.11.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.noarch", "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.4.9-1.el8ev.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23358" }, { "category": "external", "summary": "RHBZ#1944286", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358" } ], "release_date": "2021-03-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-07-22T15:14:23+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891", "product_ids": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2865" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.noarch", 
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.2.7-1.el8ev.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-underscore: Arbitrary code execution via the template function" } ] }