rhsa-2022_0727
Vulnerability from csaf_redhat
Published
2022-03-01 18:15
Modified
2024-11-24 21:23
Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

Notes

Topic
OpenShift Logging bug fix and security update (5.1.9) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging bug fix and security update (5.1.9) Security Fix(es): * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0727",
        "url": "https://access.redhat.com/errata/RHSA-2022:0727"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "2052539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
      },
      {
        "category": "external",
        "summary": "LOG-2181",
        "url": "https://issues.redhat.com/browse/LOG-2181"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0727.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)",
    "tracking": {
      "current_release_date": "2024-11-24T21:23:47+00:00",
      "generator": {
        "date": "2024-11-24T21:23:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:0727",
      "initial_release_date": "2022-03-01T18:15:33+00:00",
      "revision_history": [
        {
          "date": "2022-03-01T18:15:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-03-01T18:15:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-24T21:23:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.1",
                "product": {
                  "name": "OpenShift Logging 5.1",
                  "product_id": "8Base-OSE-LOGGING-5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.9-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.9-22"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T18:15:33+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0727"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "cve": "CVE-2022-0552",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-02-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2052539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2052539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-21409",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        }
      ],
      "release_date": "2022-02-28T10:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T18:15:33+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0727"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.