csaf_redhat - rhsa-2022

rhsa-2022_0047

Vulnerability from csaf_redhat

Published

2022-01-10 12:24

Modified

2024-11-15 10:43

Summary

Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging security and bug fix update (5.0.11)

Notes

Topic

An update is now available for OpenShift Logging (5.0.11) Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Openshift Logging Bug Fix Release (5.0.11) Security Fix(es): * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging (5.0.11)\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Openshift Logging Bug Fix Release (5.0.11)\n\nSecurity Fix(es):\n\n* log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0047",
        "url": "https://access.redhat.com/errata/RHSA-2022:0047"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "2034067",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
      },
      {
        "category": "external",
        "summary": "LOG-2075",
        "url": "https://issues.redhat.com/browse/LOG-2075"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0047.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging security and bug fix update (5.0.11)",
    "tracking": {
      "current_release_date": "2024-11-15T10:43:43+00:00",
      "generator": {
        "date": "2024-11-15T10:43:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:0047",
      "initial_release_date": "2022-01-10T12:24:26+00:00",
      "revision_history": [
        {
          "date": "2022-01-10T12:24:26+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-10T12:24:26+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T10:43:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.0",
                "product": {
                  "name": "OpenShift Logging 5.0",
                  "product_id": "8Base-OSE-LOGGING-5.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.0.11-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.0.11-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.11-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64 as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le as a component of OpenShift Logging 5.0",
          "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-45105",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2021-12-19T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2034067"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Product Security has performed an analysis of this flaw and has classified the Attack Complexity(AC) as High because there are multiple factors involved which are beyond attacker\u0027s control:\n\n- The application has to use the logging configuration using a Context Map Lookup (for example, $${ctx:loginId}) which is a non-default Pattern Layout.\n- The application developer has to use the map org.apache.logging.log4j.ThreadContext in the application code and save at-least one key (for example, ThreadContext.put(\"loginId\", \"myId\");) in the ThreadContext map object.\n- Attackers must also know this saved key name in order to exploit this flaw.\n\nNote that saving keys in this map is a non-essential usage of log4j and just an optional feature provided. Refer to https://logging.apache.org/log4j/2.x/manual/lookups.html#ContextMapLookup to know more about the Context Map Lookup feature of Log4j.\n\nLog4j 1.x is not impacted by this vulnerability. Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using ONLY the log4j-api JAR file without the log4j-core JAR file are NOT impacted by this vulnerability.\n\n\nDespite including a vulnerable version of Log4j 2.x, this vulnerability is not exploitable in Elasticsearch[0], as shipped in OpenShift Container Platform and OpenShift Logging. OpenShift 3.11 specifically does not contain any context lookups:\n\nhttps://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_elasticsearch/templates/log4j2.properties.j2\n\nThis vulnerability is therefore rated Low for Elasticsearch in OpenShift Container Platform and OpenShift Logging.\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-december-18-4",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
          "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-45105"
        },
        {
          "category": "external",
          "summary": "RHBZ#2034067",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-45105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/LOG4J2-3230",
          "url": "https://issues.apache.org/jira/browse/LOG4J2-3230"
        },
        {
          "category": "external",
          "summary": "https://logging.apache.org/log4j/2.x/security.html",
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2021/12/19/1",
          "url": "https://www.openwall.com/lists/oss-security/2021/12/19/1"
        }
      ],
      "release_date": "2021-12-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-10T12:24:26+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0047"
        },
        {
          "category": "workaround",
          "details": "For Log4j 2 versions up to and including 2.16.0, this flaw can be mitigated by:\n- In PatternLayout in the Log4j logging configuration, replace Context Lookups like ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X, %mdc, or %MDC) like %X{loginId}.\n- Otherwise, in the Log4j logging configuration, remove references to Context Lookups like ${ctx:loginId} or $${ctx:loginId} where they originate from sources external to the application such as HTTP headers or user input.",
          "product_ids": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:23c8329638c773b8945e1fb9c234e09a2897de4cb7e3a65f4fe5017e0a1ecf17_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:77bc9ef6736b8cf62924bdb8c1e4a197376cb02a085d3f57d16d31253b621802_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:b916970dea6c843a2de7cb0988a01798c7822620d2a6bad7fd7b1267779097fd_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:df770b43f7828f8b9b106a3fcd271af13952ef009e044be96f0d27381cd58d98_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:ab6ac87c2c83ddf8a6a681ecfa79b545eea5e8a733a7876a6ee597fffda85c01_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:4dcdfdb34ef7eea805d4a56e2bade62c1b66de9872155c9db08cbb5337294814_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:780b25802496f4725473193b92bc22d2c11b7a165607f5ca38379c871767c4dc_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:e95dc630de08eb883625fd2e2b9bc1cc719651e63bee301884876416dde3661a_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:3df31930134ff0f9ec3f9f42b304f2c9cd92afdd7525159f4f21c3b84c00dab3_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:92c60ffc66d3a573468508d6af77fe0db8fdeb22e7af16337bf90d6e02d873b3_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:ff9d037857d189dbdf52ec325156873fa041205c62808574a36702c643676076_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:1836cf2b97a94f13fcb141e3087139774f225aca0cefea5d8e467bbf4d5d5ccc_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:6728124547e2017d7422a878c088aaeae249b5de184131ef3ffbeaf908cb5ee3_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:d4012ebb0bc75b8e0fa77344305dc8220226a9be2d4ca2dec31027e29dda3b42_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:2ecc31383fe12b21cb9d0796e730349c742f2b319c0228e2dee0e10db48f898f_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:9fd4d382bcf72196d206ccb1f08b03a7867345570e9d2586d6fe6930576db2db_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c7d7cf86426c0941b770d68dbbd16f2b86abf2d2c16a00230325488d088408fc_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:3f708d73d392064783cf79a19e7cdbf77cf8cbebd237b3e518603fdaa58623d9_ppc64le",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:5e50138469b203f601eea4d6722f3bf96ed2078a368ebb827549d8ee70b72c39_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:faca27d01c6a8302605d4c9e47837961aba161dbf957b29becb5e72d17b1dfdc_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:66b3dad7c0c3ce105321dbe919fc7c73a5230f7093fb21b309011c343984a081_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:832fc72eb239f042e68efb088d4e3e866f8a8dd7c219f3fcb8a679324b953886_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:d95b8e5716afb53d25711900d2b840eb50f5603a91742f4d227e624c1e1d7b3d_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:000b9988602eae29b14b0dfe62b5da73ded51fcd2dd634c6436b23bceb3e4bb5_amd64",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:339b7a228a8cd1e15498a6081332ec0af20913f488afa521e5134bf78f6eb6f3_s390x",
            "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:7aca3211b51bcddcfb1e821fa45db1f05ef466e225ccc9b56ae5ebc9ab10ad8d_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern"
    }
  ]
}

cve-2021-45105

Vulnerability from cvelistv5

Published

2021-12-18 11:55

Modified

2024-08-04 04:39

Severity ?

Summary

Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

References

▼	URL	Tags
	https://logging.apache.org/log4j/2.x/security.html	x_refsource_MISC
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/930724	third-party-advisory, x_refsource_CERT-VN
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory, x_refsource_CISCO
	http://www.openwall.com/lists/oss-security/2021/12/19/1	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2021/dsa-5024	vendor-advisory, x_refsource_DEBIAN
	https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20211218-0001/	x_refsource_CONFIRM
	https://www.zerodayinitiative.com/advisories/ZDI-21-1541/	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache Log4j2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
          },
          {
            "name": "DSA-5024",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.12.3",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.0-alpha1",
                  "status": "affected"
                }
              ],
              "lessThan": "2.17.0",
              "status": "affected",
              "version": "log4j-core",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "high"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:41:57",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
        },
        {
          "name": "DSA-5024",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "LOG4J2-3230"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-45105",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.17.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.12.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.3.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.0-alpha1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "high"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-674: Uncontrolled Recursion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://logging.apache.org/log4j/2.x/security.html",
              "refsource": "MISC",
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "name": "VU#930724",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
            },
            {
              "name": "DSA-5024",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5024"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "LOG4J2-3230"
          ],
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-45105",
    "datePublished": "2021-12-18T11:55:08",
    "dateReserved": "2021-12-16T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted