csaf_redhat - rhsa-2022

rhsa-2022_0727

Vulnerability from csaf_redhat

Published

2022-03-01 18:15

Modified

2024-11-15 07:36

Summary

Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

Notes

Topic

OpenShift Logging bug fix and security update (5.1.9) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OpenShift Logging bug fix and security update (5.1.9) Security Fix(es): * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Logging bug fix and security update (5.1.9)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0727",
        "url": "https://access.redhat.com/errata/RHSA-2022:0727"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "2052539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
      },
      {
        "category": "external",
        "summary": "LOG-2181",
        "url": "https://issues.redhat.com/browse/LOG-2181"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0727.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)",
    "tracking": {
      "current_release_date": "2024-11-15T07:36:22+00:00",
      "generator": {
        "date": "2024-11-15T07:36:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:0727",
      "initial_release_date": "2022-03-01T18:15:33+00:00",
      "revision_history": [
        {
          "date": "2022-03-01T18:15:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-03-01T18:15:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T07:36:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.1",
                "product": {
                  "name": "OpenShift Logging 5.1",
                  "product_id": "8Base-OSE-LOGGING-5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.9-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.9-22"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T18:15:33+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0727"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "cve": "CVE-2022-0552",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-02-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2052539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2052539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-21409",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        }
      ],
      "release_date": "2022-02-28T10:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T18:15:33+00:00",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0727"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409"
    }
  ]
}

cve-2022-0552

Vulnerability from cvelistv5

Published

2022-04-11 19:38

Modified

2024-08-02 23:32

Severity ?

Summary

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=2052539	x_refsource_MISC
	https://access.redhat.com/security/cve/CVE-2021-21409	x_refsource_MISC
	https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d	x_refsource_MISC

Impacted products

▼	Vendor	Product
	n/a	origin-aggregated-logging/elasticsearch

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "origin-aggregated-logging/elasticsearch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "origin-aggregated-logging versions 3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:38:32",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openshift/origin-aggregated-logging/commit/d6b72d6c32e7c06b65324294d10406546734004d"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0552",
    "datePublished": "2022-04-11T19:38:32",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28491

Vulnerability from cvelistv5

Published

2021-02-18 15:50

Modified

2024-09-16 20:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Denial of Service (DoS)

References

▼	URL	Tags
	https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329	x_refsource_MISC
	https://github.com/FasterXML/jackson-dataformats-binary/issues/186	x_refsource_MISC
	https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	n/a	com.fasterxml.jackson.dataformat:jackson-dataformat-cbor

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:58.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.11.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "2.12.0-rc1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.12.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cowtowncoder"
        }
      ],
      "datePublic": "2021-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:17:12",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "title": "Denial of Service (DoS)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2021-02-18T15:46:36.779241Z",
          "ID": "CVE-2020-28491",
          "STATE": "PUBLIC",
          "TITLE": "Denial of Service (DoS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.11.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "2.12.0-rc1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "cowtowncoder"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (DoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
            },
            {
              "name": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
            },
            {
              "name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-28491",
    "datePublished": "2021-02-18T15:50:15.260223Z",
    "dateReserved": "2020-11-12T00:00:00",
    "dateUpdated": "2024-09-16T20:16:27.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2022_0727

Vulnerability from csaf_redhat

cve-2022-0552

Vulnerability from cvelistv5

cve-2020-28491

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature