rhsa-2021_3694
Vulnerability from csaf_redhat
Published: 2021-09-29 14:34
Modified: 2024-11-05 23:57
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.0 security & bugfix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.6.0 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security fixes:
* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "The Migration Toolkit for Containers (MTC) 1.6.0 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity fixes:\n\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3694", "url": "https://access.redhat.com/errata/RHSA-2021:3694" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1878824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1878824" }, { "category": "external", "summary": "1887526", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887526" }, { "category": "external", "summary": "1899562", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1899562" }, { "category": "external", "summary": "1936886", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936886" }, { "category": "external", "summary": "1936894", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936894" }, { "category": "external", "summary": "1949117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949117" }, { "category": "external", "summary": "1951869", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951869" }, { "category": "external", "summary": "1968621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968621" }, { "category": "external", "summary": "1970338", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970338" }, { "category": "external", "summary": "1974737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974737" }, { "category": "external", "summary": "1975369", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975369" }, { "category": "external", 
"summary": "1975372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975372" }, { "category": "external", "summary": "1976895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976895" }, { "category": "external", "summary": "1981810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981810" }, { "category": "external", "summary": "1982026", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982026" }, { "category": "external", "summary": "1994985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994985" }, { "category": "external", "summary": "1996169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996169" }, { "category": "external", "summary": "1996627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996627" }, { "category": "external", "summary": "1996784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996784" }, { "category": "external", "summary": "1996902", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996902" }, { "category": "external", "summary": "1996904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996904" }, { "category": "external", "summary": "1996906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996906" }, { "category": "external", "summary": "1996938", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996938" }, { "category": "external", "summary": "1997051", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997051" }, { "category": "external", "summary": "1997127", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997127" }, { "category": "external", "summary": "1997173", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997173" }, { "category": "external", "summary": "1997180", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997180" }, { "category": "external", "summary": "1997665", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997665" }, { "category": "external", "summary": "1997694", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997694" }, { 
"category": "external", "summary": "1997827", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997827" }, { "category": "external", "summary": "1998062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998062" }, { "category": "external", "summary": "1998283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998283" }, { "category": "external", "summary": "1998550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998550" }, { "category": "external", "summary": "1998581", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998581" }, { "category": "external", "summary": "1999113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999113" }, { "category": "external", "summary": "1999381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999381" }, { "category": "external", "summary": "1999528", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999528" }, { "category": "external", "summary": "1999765", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999765" }, { "category": "external", "summary": "1999784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" }, { "category": "external", "summary": "2000205", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000205" }, { "category": "external", "summary": "2000218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000218" }, { "category": "external", "summary": "2000243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000243" }, { "category": "external", "summary": "2000644", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000644" }, { "category": "external", "summary": "2000875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000875" }, { "category": "external", "summary": "2000979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000979" }, { "category": "external", "summary": "2001089", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001089" }, { "category": "external", "summary": "2001173", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2001173" }, { "category": "external", "summary": "2001786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001786" }, { "category": "external", "summary": "2001829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001829" }, { "category": "external", "summary": "2001941", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001941" }, { "category": "external", "summary": "2002420", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002420" }, { "category": "external", "summary": "2002608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002608" }, { "category": "external", "summary": "2002897", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2002897" }, { "category": "external", "summary": "2003603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003603" }, { "category": "external", "summary": "2004601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004601" }, { "category": "external", "summary": "2004923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2004923" }, { "category": "external", "summary": "2005143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005143" }, { "category": "external", "summary": "2006316", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006316" }, { "category": "external", "summary": "2007175", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007175" }, { "category": "external", "summary": "MIG-785", "url": "https://issues.redhat.com/browse/MIG-785" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3694.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.6.0 security \u0026 bugfix update", "tracking": { "current_release_date": "2024-11-05T23:57:46+00:00", "generator": { "date": "2024-11-05T23:57:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:3694", "initial_release_date": 
"2021-09-29T14:34:25+00:00", "revision_history": [ { "date": "2021-09-29T14:34:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-09-29T14:34:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:57:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "8Base-RHMTC-1.6", "product": { "name": "8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhmt:1.6::el8" } } } ], "category": "product_family", "name": "Red Hat Migration Toolkit" }, { "branches": [ { "category": "product_version", "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "product": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.6.0-17" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "product": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.6.0-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "product": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.6.0-4" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "product": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.6.0-31" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", "product": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", 
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.6.0-37" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "product": { "name": "rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.6.0-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "product": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.6.0-4" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64", "product": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64", "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.6.0-24" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", "product": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.6.0-9" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", "product_identification_helper": { "purl": 
"pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.6.0-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.6.0-5" } } }, { "category": "product_version", "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "product": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.6.0-5" } } }, { "category": "product_version", "name": 
"rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "product": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.6.0-9" } } }, { "category": "product_version", "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64", "product": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64", "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64", "product_identification_helper": { "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.6.0-7" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64" }, "product_reference": 
"rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64" }, "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64" }, "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64" }, "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64" }, "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64" }, "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64" }, "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64 as a component of 8Base-RHMTC-1.6", "product_id": 
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64" }, "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64" }, 
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64" }, "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" }, { "category": "default_component_of", "full_product_name": { "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64 as a component of 8Base-RHMTC-1.6", "product_id": "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64" }, "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64", "relates_to_product_reference": "8Base-RHMTC-1.6" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2021-3749", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-08-31T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", 
"8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1999784" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-axios: Regular expression denial of service in trim function", "title": "Vulnerability summary" }, { "category": "other", "text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. 
For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.6:rhmtc/openshift-migration-controller-rhel8@sha256:5dacb0bb125600adb6fecdc9ac583f38877960ae207cb21e925a1df4d36c9973_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-log-reader-rhel8@sha256:efca0066bcee905c93b907d30f5a5dac779b5fdab573eba2a6af738c275658ff_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-must-gather-rhel8@sha256:4ecda5f0f4ab61eb28d2b513cf373a18d7965acf2c3f81845fa6b9ace90cc1d0_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-operator-bundle@sha256:f3dfe6ccf078244debab1ae4571b20b7ecd884cd8d382a6dc10f4a479dce2c34_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-registry-rhel8@sha256:4603fc328b26a8dc454e1cb690f9d1b6534d2e51a806fc474158447fbe8fe6eb_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-rhel8-operator@sha256:5b1911b8e44a717866d7249abd966e487c6925e5eb77eaf507922866928badb6_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:3678c6f67225f0f37c022bc2604a6a5d78f15b7b57ba9073d06fa3466a3a0526_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:02907e535f56c3c46921fe8a405adde11af6a43013ab467628f36a2bde708415_amd64", 
"8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:b4272ea9b671da7ad0b1d9111e04b1a8505e7d9efe515d41495a8d3e56b4fb45_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:881751792fff5803a45a3f4d328d6fd4aaff4f188ea937d0a2b58597d6ee585d_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:8ac2f63fe953daa4caba44e60c65ffa9d3c6653af72ce46cbe423b6da796f33c_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-migration-velero-rhel8@sha256:697b57a7150f26cbc08ada7c8c5683819d87351cf713614ac9002706463c4392_amd64", "8Base-RHMTC-1.6:rhmtc/openshift-velero-plugin-rhel8@sha256:6d63774d8b54a62058ee03daf4056dde060f1415eee6b8323d5ebfcec4dd5f6e_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3749" }, { "category": "external", "summary": "RHBZ#1999784", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749" }, { "category": "external", "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929", "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929" }, { "category": "external", "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31", "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31" } ], "release_date": "2021-08-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-09-29T14:34:25+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/4.8/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ 
"8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.6:rhmtc/openshift-migration-ui-rhel8@sha256:19b8e2f0872faa1d1643d28aa3b893debfe22b102d049c02f335a622c29e3506_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-axios: Regular expression denial of service in trim function" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.