rhsa-2021_4032
Vulnerability from csaf_redhat
Published
2021-11-17 03:31
Modified
2024-11-13 22:24
Summary
Red Hat Security Advisory: Openshift Logging 5.2.3 bug fix and security update
Notes
Topic
An update is now available for OpenShift Logging 5.2.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Openshift Logging Bug Fix Release (5.2.3)
Security Fix(es):
* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)
* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for OpenShift Logging 5.2.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Openshift Logging Bug Fix Release (5.2.3)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369) \n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383) \n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:4032",
"url": "https://access.redhat.com/errata/RHSA-2021:4032"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "external",
"summary": "LOG-1857",
"url": "https://issues.redhat.com/browse/LOG-1857"
},
{
"category": "external",
"summary": "LOG-1904",
"url": "https://issues.redhat.com/browse/LOG-1904"
},
{
"category": "external",
"summary": "LOG-1916",
"url": "https://issues.redhat.com/browse/LOG-1916"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4032.json"
}
],
"title": "Red Hat Security Advisory: Openshift Logging 5.2.3 bug fix and security update",
"tracking": {
"current_release_date": "2024-11-13T22:24:23+00:00",
"generator": {
"date": "2024-11-13T22:24:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2021:4032",
"initial_release_date": "2021-11-17T03:31:35+00:00",
"revision_history": [
{
"date": "2021-11-17T03:31:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-11-17T03:31:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-13T22:24:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Logging 5.2",
"product": {
"name": "OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.3-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-45"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-30"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-47"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.3-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.3-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.3-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-45"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-30"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-47"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.3-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-45"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-30"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-43"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-47"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23369",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"strict\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization ovirt-engine-ui-extensions and ovirt-web-ui Handlebars.js is included as a dependency of conventional-changelog-writer, it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23369"
},
{
"category": "external",
"summary": "RHBZ#1948761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-17T03:31:35+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4032"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option"
},
{
"cve": "CVE-2021-23383",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1956688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-handlebars. A unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js. Starting in 4.6, kibana is shipping as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"compat\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:ff207601a17a7b475557cd5a688610895d7cba760e75c3ef5f18568abdf656d2_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6182a51b309967a356bbbfa593a3727a8a8d90e11d56af906ff18daeb023eebb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f2ee9ff18134ec7131f2d8534c7e55c1bffbb2817f66a79ce893eb8ec302d83d_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f99f1220320f95e5aa671cbdf85c331de74ae5e113746edde5414a2b9f48a94f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e01abe9f13b3ad4018224dc1f5e60baf883fcecfd3816589f0d7398c0507d92b_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:4a23a6b3ab38187ec0f6cd0a81e8f850303bdda28f52c43d6040caa9c82dcce2_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bb9d7b29530509e5ea5d033b5bf15d334460b15560384d7633384a29fa9cfa99_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:d061766695a0801eeae79cd39fde97f5cbc6ff833e46649ba38de45cd4926548_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:3b64528fd64e210030023670eaf15b14cab4947d24770ea934d71d532f4f6b3b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:91697db2fd83da8d67df891a3aededc01dbdd702d7263af3dfa9150c804d3e3f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:d6196500fb2e68dd5756f4a3e8bbc17ae27d78eb84bf915234b901378763ff68_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:3793a9fbc4428b0ed464c9a5787f8726b8244370d39b5386a1d93272344e44eb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:90ab02de683b8758bb96922a7c470c7844762ea75c773def56a263973b2a13d7_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:91541558240e4390d3815b952d181efe3f005a7c276cb5425d0ca7d8051faa36_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:043ecf977c6b67ff55324966b64f056a6d7606c99c07c166e87a4da03b43e0e7_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:b810a4bcd547bb17ad4d934c8f337d63e3650f0cb0b59b9738a2f48dbb3b22ea_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:fa15296a4514f1943c860b1b83786bad485b17f0e267f2144d6d8dfffb243b54_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:4c678fcc688431b2f267fb33f959baab0871c6a80888257fcb2a8124a41cec59_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:5a7c23e6546cc4e6f1f61f735f6476f24b6adad3bca6f735c1dfb9fdf1c38595_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:d21f3467a8233be1ded03ee9e650cbc4084f01d7819c9094e78be384a38cd47e_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:69fcc0f06834828043279e1092f8381a3b407109125cc3e2aa01e80efc4c99ab_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dcecde8c1a6a6e4fa753f5dc64a52f1a2178b61d19b8144f179e06a7fc9cd230_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee11b13e32ec38b463b6a7114fbdf1b67e259757abe73f4fca139a9c9ba1f1aa_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c9651598197299acbab7c9c9096f19824af82b070a0ffd0377ce4c438132638_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:1cb6404bf5173c1fc73b26cefcb2f2e8c6a6048877e180892a9d2bd6be6c8337_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:fc56fb38d4a1b896eee1fc8f96389ba08594efb352b6b4aca514bf63ff39bb48_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23383"
},
{
"category": "external",
"summary": "RHBZ#1956688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-11-17T03:31:35+00:00",
"details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:4032"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1da6f77d09222d32065b47261e11ae89a2b977e6db68cec7ece0ae7ac01e6ca4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:6997e36e31d4e1c609917a335559486921abaf72399ebf51babba3be28fba9d1_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:7d67dc6b9c286252beb36bd5558ca724d715c3f7070a1550f27cdc361907b86e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.