rhsa-2022_0230
Vulnerability from csaf_redhat
Published
2022-01-21 19:04
Modified
2024-11-24 21:30
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)
Notes
Topic
An update is now available for OpenShift Logging (5.2.6)
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
OpenShift Logging Bug Fix Release (5.2.6)
Security Fix(es):
* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update is now available for OpenShift Logging (5.2.6)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "OpenShift Logging Bug Fix Release (5.2.6)\n\nSecurity Fix(es):\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2022:0230", url: "https://access.redhat.com/errata/RHSA-2022:0230", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "1940613", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1940613", }, { category: "external", summary: "2035951", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035951", }, { category: "external", summary: "LOG-2104", url: "https://issues.redhat.com/browse/LOG-2104", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0230.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.2.6)", tracking: { current_release_date: "2024-11-24T21:30:26+00:00", generator: { date: "2024-11-24T21:30:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2022:0230", initial_release_date: "2022-01-21T19:04:46+00:00", revision_history: [ { date: "2022-01-21T19:04:46+00:00", number: "1", summary: "Initial version", }, { date: "2022-01-21T19:04:46+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-24T21:30:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "OpenShift Logging 5.2", product: { name: "OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2", product_identification_helper: { cpe: "cpe:/a:redhat:logging:5.2::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Enterprise", }, { branches: [ { category: "product_version", name: "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", product: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", product_identification_helper: { purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954?arch=s390x&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", product: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", product_identification_helper: { purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", product: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", product_identification_helper: { purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v1.0.0-104", }, }, }, { category: "product_version", name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", product: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", product_id: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", product_identification_helper: { purl: "pkg:oci/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e?arch=s390x&repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8&tag=v1.0.0-71", }, }, }, { category: "product_version", name: "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", product: { name: "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", product_id: "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", product_identification_helper: { purl: "pkg:oci/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6?arch=s390x&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.8.1-73", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", product: { name: "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", product_id: "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", product_identification_helper: { purl: "pkg:oci/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76?arch=s390x&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v6.8.1-100", }, }, }, { category: "product_version", name: "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", product: { name: "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", product_id: "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", product_identification_helper: { purl: "pkg:oci/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55?arch=s390x&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v0.3.0-99", }, }, }, { category: "product_version", name: "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", product: { name: "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", product_id: "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", product_identification_helper: { purl: "pkg:oci/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393?arch=s390x&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v1.7.4-104", }, }, }, { category: "product_version", name: "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", product: { name: "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", product_id: "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", product_identification_helper: { purl: "pkg:oci/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a?arch=s390x&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v6.8.1-110", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", product: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", product_identification_helper: { purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71?arch=amd64&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", product: { name: "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", product_id: "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", product_identification_helper: { purl: "pkg:oci/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8?arch=amd64&repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle&tag=v5.2.6-6", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", product: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", product_identification_helper: { purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", product: { name: "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", product_id: "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", product_identification_helper: { purl: "pkg:oci/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle&tag=v5.2.6-6", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", product: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", product_identification_helper: { purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v1.0.0-104", }, }, }, { category: "product_version", name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", product: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", product_id: "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", product_identification_helper: { purl: "pkg:oci/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963?arch=amd64&repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8&tag=v1.0.0-71", }, }, }, { category: "product_version", name: "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", product: { name: "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", product_id: "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", product_identification_helper: { purl: "pkg:oci/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541?arch=amd64&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.8.1-73", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", product: { name: "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", product_id: "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", product_identification_helper: { purl: "pkg:oci/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94?arch=amd64&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v6.8.1-100", }, }, }, { category: "product_version", name: "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", product: { name: "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", product_id: "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", product_identification_helper: { purl: "pkg:oci/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd?arch=amd64&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v0.3.0-99", }, }, }, { category: "product_version", name: "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", product: { name: "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", product_id: "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", product_identification_helper: { purl: "pkg:oci/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0?arch=amd64&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v1.7.4-104", }, }, }, { category: "product_version", name: "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", product: { name: "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", product_id: "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", product_identification_helper: { purl: "pkg:oci/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922?arch=amd64&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v6.8.1-110", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", product: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", product_id: "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", product_identification_helper: { purl: "pkg:oci/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", product: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", product_id: "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", product_identification_helper: { purl: "pkg:oci/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator&tag=v5.2.6-2", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", product: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", product_id: "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", product_identification_helper: { purl: "pkg:oci/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8&tag=v1.0.0-104", }, }, }, { category: "product_version", name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", product: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", product_id: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", product_identification_helper: { purl: "pkg:oci/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8&tag=v1.0.0-71", }, }, }, { category: "product_version", name: "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", product: { name: "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", product_id: "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", product_identification_helper: { purl: "pkg:oci/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8&tag=v5.8.1-73", }, }, }, { category: "product_version", name: "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", product: { name: "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", product_id: "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", product_identification_helper: { purl: "pkg:oci/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8&tag=v6.8.1-100", }, }, }, { category: "product_version", name: "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", product: { name: "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", product_id: "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", product_identification_helper: { purl: "pkg:oci/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8&tag=v0.3.0-99", }, }, }, { category: "product_version", name: "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", product: { name: "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", product_id: "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", product_identification_helper: { purl: "pkg:oci/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8&tag=v1.7.4-104", }, }, }, { category: "product_version", name: "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", product: { name: "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", product_id: "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", product_identification_helper: { purl: "pkg:oci/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406?arch=ppc64le&repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8&tag=v6.8.1-110", }, }, }, ], category: "architecture", name: "ppc64le", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", }, product_reference: "openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", }, product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", }, product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", }, product_reference: "openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", }, product_reference: "openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", }, product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", }, product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", }, product_reference: "openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", }, product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", }, product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", }, product_reference: "openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", }, product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", }, product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", }, product_reference: "openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", }, product_reference: "openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", }, product_reference: "openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", }, product_reference: "openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", }, product_reference: "openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", }, product_reference: "openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", }, product_reference: "openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", }, product_reference: "openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", }, product_reference: "openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", }, product_reference: "openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", }, product_reference: "openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", }, product_reference: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", }, product_reference: "openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64 as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", }, product_reference: "openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", }, product_reference: "openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, { category: "default_component_of", full_product_name: { name: "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le as a component of OpenShift Logging 5.2", product_id: "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", }, product_reference: "openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", relates_to_product_reference: "8Base-OSE-LOGGING-5.2", }, ], }, vulnerabilities: [ { cve: "CVE-2021-27292", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2021-03-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "1940613", }, ], notes: [ { category: "description", text: "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", title: "Vulnerability summary", }, { category: "other", text: "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM) \n - Red Hat OpenShift Jaeger (RHOSJ)\n - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", ], known_not_affected: [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-27292", }, { category: "external", summary: "RHBZ#1940613", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1940613", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-27292", url: "https://www.cve.org/CVERecord?id=CVE-2021-27292", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", }, { category: "external", summary: "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", url: "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", }, ], release_date: "2021-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-01-21T19:04:46+00:00", details: "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", product_ids: [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0230", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", }, { cve: "CVE-2021-44832", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2021-12-28T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2035951", }, ], notes: [ { category: "description", text: "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", title: "Vulnerability description", }, { category: "summary", text: "log4j-core: remote code execution via JDBC Appender", title: "Vulnerability summary", }, { category: "other", text: "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", ], known_not_affected: [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-44832", }, { category: "external", summary: "RHBZ#2035951", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2035951", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-44832", url: "https://www.cve.org/CVERecord?id=CVE-2021-44832", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", }, { category: "external", summary: "https://issues.apache.org/jira/browse/LOG4J2-3293", url: "https://issues.apache.org/jira/browse/LOG4J2-3293", }, ], release_date: "2021-12-28T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2022-01-21T19:04:46+00:00", details: "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", product_ids: [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2022:0230", }, { category: "workaround", details: "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.", product_ids: [ "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:f4834508c179ac8ec28747587ea9a5c581e66b8a43dbc484e0b471ec44c5e7a8_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:3fa8f9590e009139c5d3c7f104d3bfee279e6a4a648b9f76defad60fa0a32954_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:1738c1f613bc80f825795bba194000dd354e15aa05e881ef103e63ce4c905ac8_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:5bfaebca00db5b6ae5acb4a929be36f40704ac5a64806a13561c05b2409ed264_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:a0a4983317c397185b3c3dfda4f3399cad0b53daebe68a553991558fed8657cd_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:5ec68bc1aa764552cb1471a1844708747fced656c031b8c8428deecd3137eb3a_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:e29a5cc022aa302459cff0ba435c24164ea5578d4f1468ab6bdfea0011220406_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:c442371d189720167dd3de9deaab587dad8ab810977040da26f3457cfd6eb10e_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.6, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:be1dd8dfaf204fa739a202ac7ddfcf3ed4441c97d05fa914cbbff34d5467bd76_s390x", "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "log4j-core: remote code execution via JDBC Appender", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.