rhsa-2022_5006
Vulnerability from csaf_redhat
Published
2022-06-13 12:43
Modified
2024-11-06 01:03
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update
Notes
Topic
Red Hat OpenShift Service Mesh 2.1.3.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* eventsource: Exposure of Sensitive Information (CVE-2022-1650)
* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)
* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)
* Moment.js: Path traversal in moment.locale (CVE-2022-24785)
* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh 2.1.3.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* eventsource: Exposure of Sensitive Information (CVE-2022-1650)\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)\n* golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675)\n* Moment.js: Path traversal in moment.locale (CVE-2022-24785)\n* golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:5006", "url": "https://access.redhat.com/errata/RHSA-2022:5006" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "OSSM-1609", "url": "https://issues.redhat.com/browse/OSSM-1609" }, { "category": "external", "summary": "OSSM-1617", "url": "https://issues.redhat.com/browse/OSSM-1617" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5006.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.1.3 Containers security update", "tracking": { "current_release_date": "2024-11-06T01:03:46+00:00", "generator": { "date": "2024-11-06T01:03:46+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2022:5006", "initial_release_date": "2022-06-13T12:43:57+00:00", "revision_history": [ { "date": "2022-06-13T12:43:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-06-13T12:43:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T01:03:46+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Service Mesh 2.1", "product": { "name": "OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.36.10-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.36.10-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "product": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "product": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.1.3-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "product": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "product_id": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "product_identification_helper": { "purl": "pkg:oci/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.1.3-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.1.3-1" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le" }, "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64" }, "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le" }, "product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "relates_to_product_reference": "8Base-OSSM-2.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64 as a component of OpenShift Service Mesh 2.1", "product_id": "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64", "relates_to_product_reference": "8Base-OSSM-2.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-1650", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "discovery_date": "2022-05-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2085307" } ], "notes": [ { "category": "description", "text": "A flaw was found in the EventSource NPM Package. The description from the source states the following message: \"Exposure of Sensitive Information to an Unauthorized Actor.\" This flaw allows an attacker to steal the user\u0027s credentials and then use the credentials to access the legitimate website.", "title": "Vulnerability description" }, { "category": "summary", "text": "eventsource: Exposure of Sensitive Information", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-1650" }, { "category": "external", "summary": "RHBZ#2085307", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2085307" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-1650", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1650" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1650" }, { "category": "external", "summary": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e", "url": "https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e" } ], "release_date": "2022-05-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-13T12:43:57+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5006" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "eventsource: Exposure of Sensitive Information" }, { "cve": "CVE-2022-23806", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "discovery_date": "2022-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053429" } ], "notes": [ { "category": "description", "text": "A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of this undefined behavior, affecting the availability and integrity of the resource.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 8 and 9 are affected because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having a Moderate security impact. The issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7; hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16 \u0026 1.17), will not be addressed in future updates as shipped only in RHEL-7, hence, marked as Out-of-Support-Scope.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-23806" }, { "category": "external", "summary": "RHBZ#2053429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053429" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-23806", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23806" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "url": "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ" } ], "release_date": "2022-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-13T12:43:57+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5006" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements" }, { "cve": "CVE-2022-24675", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077688" } ], "notes": [ { "category": "description", "text": "A buffer overflow flaw was found in Golang\u0027s library encoding/pem. This flaw allows an attacker to use a large PEM input (more than 5 MB), causing a stack overflow in Decode, which leads to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: encoding/pem: fix stack overflow in Decode", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope.\n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24675" }, { "category": "external", "summary": "RHBZ#2077688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24675", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24675" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-13T12:43:57+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5006" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: encoding/pem: fix stack overflow in Decode" }, { "cve": "CVE-2022-24785", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2022-04-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2072009" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability was found in Moment.js that impacts npm (server) users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Moment.js: Path traversal in moment.locale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24785" }, { "category": "external", "summary": "RHBZ#2072009", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072009" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24785", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24785" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4", "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" } ], "release_date": "2022-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-13T12:43:57+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5006" }, { "category": "workaround", "details": "Sanitize the user-provided locale name before passing it to Moment.js.", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Moment.js: Path traversal in moment.locale" }, { "cve": "CVE-2022-28327", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2022-04-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2077689" } ], "notes": [ { "category": "description", "text": "An integer overflow flaw was found in Golang\u0027s crypto/elliptic library. This flaw allows an attacker to use a crafted scaler input longer than 32 bytes, causing P256().ScalarMult or P256().ScalarBaseMult to panic, leading to a loss of availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: panic caused by oversized scalar", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux 7, 8 and 9 are affected, because the code-base is affected by this vulnerability.\n\nRed Hat Product Security has rated this issue as having Moderate security impact, and the issue is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 7, hence, marked as Out-of-Support-Scope. \n\nRed Hat Developer Tools - Compilers (go-toolset-1.16-golang \u0026 go-toolset-1.17-golang), ships the vulnerable code and affected by this vulnerability.\n\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle \u0026 Updates Policy: https://access.redhat.com/support/policy/updates/errata/.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "known_not_affected": [ "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:421fd50a8b2ee0e7765fc624827009c183925f0c3e8e05a0b764ad50cfd277cc_s390x", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:80f846861ea0da09cfdceaf88febad3fcc81a3fbcaf152c864c0178b46da99af_amd64", "8Base-OSSM-2.1:openshift-service-mesh/grafana-rhel8@sha256:fa1bea01162ee5384ff97d6fed0f17b25261c5413c40365ccf1dedd990079ddb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:1766bc2099296825dac5e2ac6950973f530068aee712c63e48eb0ea62c6822f8_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:461939e81840a7c1bc9c894b5cd907c781fab5a109e053619e53c333311299c3_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-cni-rhel8@sha256:d35bf874ea380d8bb261dcd44acc097cfbe30a5116b1b5270345f823b08f5c6a_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:2a82697fb50eaea57e19a3306bdeeb500194ad2209307818e4a30e3e104efb53_amd64", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:59318d17b29c8b1e6b2edb177a116b41ccebd935c6a4a0a64e2683080ee06151_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-must-gather-rhel8@sha256:82488010b224ad5ec34d428ed6e17ba973a628a871e5d11208b98f30f9e2e579_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:190c9fbfadb21dcfb86e911beae6b0871cc8bef3d0d94f7001e9a805d61e3677_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:2bd7402728aed0af2359038c4ec30dd82f74024a34fabc07ec92f91ec38bbb58_s390x", "8Base-OSSM-2.1:openshift-service-mesh/istio-rhel8-operator@sha256:bf7e1d66d324023365b266046e95e2486726728779cba6822ed66842ea72706f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:3a603914d980b7f50e587ae778ca80ef3ecd8c802dc94ee4045c3b79c8f3fccb_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:6d6a35aa10dc35bafc4dc1ba84f7490e2c81515af7d55e394c50061adbab73f8_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8-operator@sha256:81953c48689b1504a3b7493736bf95ae034f23b57904f36e63cb1ef738433f6a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:2cbb992dd88ec3e121c794ecb6d54ee4c2a15058d51e0302605d0be8304688f8_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:6c4a161a5fc080a1ed60bce59a8e6e547d67d5f106be4c0ce6e1482462426d63_s390x", "8Base-OSSM-2.1:openshift-service-mesh/pilot-rhel8@sha256:7c5f3f4854e768285d2a47647a585b7bf93ee0ee0e01a0cb938c72c7f54af192_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:a0faa36376620395fda20353f55dc99fe818883b6d90dba7160288498efa26aa_s390x", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:bf1b96c1d5debd1553a8dbac1a958c1f705f481d91ee376e339a494869b3fe3f_amd64", "8Base-OSSM-2.1:openshift-service-mesh/prometheus-rhel8@sha256:dd85b4878cae2830db264bb7c01230fde316a0de8e5385ca9ea5a454156a4093_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:215c0e0122b2d8e01721350a023741b24623884385da9cf57f32cd9bd4adb6aa_amd64", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:2fce4ae6966d9739322f7a073c137136593508b29d058bb3556aba021af25409_s390x", "8Base-OSSM-2.1:openshift-service-mesh/proxyv2-rhel8@sha256:915caeda1e92378cf59087213301ca07234570ae04561b9de19196bbf29475e4_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:400e8ea6ad46cae63b321bad3e8ca30189c9d5b0713e2c0c2cf1ca811f959ad1_s390x", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:811afd6e88b72f09a091ba5304891c88afd968ddbe634622257c752374747c85_ppc64le", "8Base-OSSM-2.1:openshift-service-mesh/ratelimit-rhel8@sha256:826c9104f2c626c0ffb98a05c4a938d09af5b1adf0b756966e6cc739b4614261_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-28327" }, { "category": "external", "summary": "RHBZ#2077689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-28327", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28327" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" } ], "release_date": "2022-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-06-13T12:43:57+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5006" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:180a8353d6c49ae0683c9503bca87fa63bb770f7f21eb4b7132221635a54e76a_amd64", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:24bf5471e8b80ecc7e7bf78697ffdeb11f9aef24dfcc1e9a70002d8595058c53_s390x", "8Base-OSSM-2.1:openshift-service-mesh/kiali-rhel8@sha256:b8dcb96c7f8fb1668b5ddcc8fd96e5f252ca351b128160362f188d77df24a3c9_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: panic caused by oversized scalar" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.