rhsa-2022_0687
Vulnerability from csaf_redhat
Published: 2022-02-28 21:18
Modified: 2024-11-06 00:31
Summary
Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update

Notes

Topic
OpenShift API for Data Protection (OADP) 1.0.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Security Fix(es):

* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift API for Data Protection (OADP) 1.0.1 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0687",
        "url": "https://access.redhat.com/errata/RHSA-2022:0687"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1954368",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
      },
      {
        "category": "external",
        "summary": "2024938",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
      },
      {
        "category": "external",
        "summary": "OADP-198",
        "url": "https://issues.redhat.com/browse/OADP-198"
      },
      {
        "category": "external",
        "summary": "OADP-223",
        "url": "https://issues.redhat.com/browse/OADP-223"
      },
      {
        "category": "external",
        "summary": "OADP-272",
        "url": "https://issues.redhat.com/browse/OADP-272"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0687.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-06T00:31:37+00:00",
      "generator": {
        "date": "2024-11-06T00:31:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2022:0687",
      "initial_release_date": "2022-02-28T21:18:28+00:00",
      "revision_history": [
        {
          "date": "2022-02-28T21:18:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-02-28T21:18:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T00:31:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-OADP-1.0",
                "product": {
                  "name": "8Base-OADP-1.0",
                  "product_id": "8Base-OADP-1.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.0.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.0.1-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.0.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.0.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
                "product": {
                  "name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
                  "product_id": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-registry-rhel8\u0026tag=1.0.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.0.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.0.1-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.0.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.0.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.0.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.0.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.0.1-4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64"
        },
        "product_reference": "oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64 as a component of 8Base-OADP-1.0",
          "product_id": "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64",
        "relates_to_product_reference": "8Base-OADP-1.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-29482",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1954368"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in github.com/ulikunitz/xz. The function readUvarint may not terminate a loop what could lead to denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth authentication, therefore the impact is low.\nIn OCP before 4.7 the buildah, skopeo and podman packages include vulnerable version of github.com/ulikunitz/xz, but these OCP releases are already in the Maintenance Phase of the support, hence affected components are marked as wontfix. This may be fixed in the future.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-29482"
        },
        {
          "category": "external",
          "summary": "RHBZ#1954368",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954368"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-29482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29482"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29482"
        }
      ],
      "release_date": "2020-08-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-28T21:18:28+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "ulikunitz/xz: Infinite loop in readUvarint allows for denial of service"
    },
    {
      "cve": "CVE-2021-41190",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "discovery_date": "2021-11-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
            "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
            "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
            "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2024938"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "opencontainers: OCI manifest and index parsing confusion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As a consequence of the OCI Image Specification (and OCI Distribution Specification [1]), container runtime engines (like containerd, moby - Docker Engine, cri-o) deliver updates to adopt new `mediaType` field used for identification of the document type. Even though some Red Hat products rely on container engine, the impact by this issue is LOW.\n\n[1] https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.0:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:994dbf4e76ba187e1066f2b68ca4a5dba3f4f32c481bdb324874df6d8e9f9c8c_amd64",
          "8Base-OADP-1.0:oadp/oadp-mustgather-rhel8@sha256:dfc68db1acca3b88e5ddf1f5f89be3a6a333d6e7b89d754fa131e35b22666349_amd64",
          "8Base-OADP-1.0:oadp/oadp-operator-bundle@sha256:92f0845b726be3bdd0436961dc2d13da5b7b45d0a6f5d2371511b6e676bfd484_amd64",
          "8Base-OADP-1.0:oadp/oadp-rhel8-operator@sha256:c3345ec8a8702bb959fbdf44f1889ded94b9bcc8f357b4d4c7837ff3217b1221_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:1e492468f7bdcd5929a52161e4acdd9b70b89b57e85a8fad3328e354df9bc8a4_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:e6f49b43014d3723fe364333eaf3b9aca65d739bcc346fba79573c78a11a513b_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:57ef82ab24f41c21719fcfa81cf49906f40219b96f2eb55db4a67995e620ad72_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:5f844dff42442699c1138d24739debefc4d99e9a7614adb65403787cf78e6880_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:f7b4f9749e9db856beeee9dc6225e28add8b2a3dc4a719fd4c23fc03b832d28e_amd64",
          "8Base-OADP-1.0:oadp/oadp-velero-rhel8@sha256:fd6c2d463817001039aae27f6de069e0a729833167979944876e88dabbc59772_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-41190"
        },
        {
          "category": "external",
          "summary": "RHBZ#2024938",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024938"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41190",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41190"
        },
        {
          "category": "external",
          "summary": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42",
          "url": "https://github.com/moby/moby/security/advisories/GHSA-xmmx-7jpf-fx42"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m",
          "url": "https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m"
        },
        {
          "category": "external",
          "summary": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh",
          "url": "https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh"
        }
      ],
      "release_date": "2021-11-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-28T21:18:28+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0687"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.0:oadp/oadp-registry-rhel8@sha256:fe55f8e6d08bed2bd5925d504fbbd3ab7aa60287ed2baff44c583b814505baf8_amd64",
            "8Base-OADP-1.0:oadp/oadp-velero-plugin-rhel8@sha256:1cd2134419e7c7c1421ec68bbbe9a8b06da63b8221672a888d83056f02af16ed_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "opencontainers: OCI manifest and index parsing confusion"
    }
  ]
}

