rhsa-2022_5483
Vulnerability from csaf_redhat
Published
2022-07-01 09:52
Modified
2024-11-13 23:45
Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update
Notes
Topic
The Migration Toolkit for Containers (MTC) 1.7.2 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Publisher
Red Hat Product Security (vendor), https://www.redhat.com
Contact: https://access.redhat.com/security/team/contact/
Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.
Tracking
ID: RHSA-2022:5483 (CSAF 2.0, csaf_security_advisory, TLP:WHITE, status final, version 3)
Generator: Red Hat SDEngine 4.2.0
Revision history:
* 1: 2022-07-01T09:52:30+00:00, Initial version
* 2: 2022-07-01T09:52:30+00:00, Last updated version
* 3: 2024-11-13T23:45:15+00:00, Last generated version
References
* https://access.redhat.com/errata/RHSA-2022:5483
* https://access.redhat.com/security/updates/classification/#moderate
* https://bugzilla.redhat.com/show_bug.cgi?id=2007557
* https://bugzilla.redhat.com/show_bug.cgi?id=2038898
* https://bugzilla.redhat.com/show_bug.cgi?id=2040693
* https://bugzilla.redhat.com/show_bug.cgi?id=2040695
* https://bugzilla.redhat.com/show_bug.cgi?id=2044591
* https://bugzilla.redhat.com/show_bug.cgi?id=2048537
* https://bugzilla.redhat.com/show_bug.cgi?id=2053259
* https://bugzilla.redhat.com/show_bug.cgi?id=2055658
* https://bugzilla.redhat.com/show_bug.cgi?id=2056962
* https://bugzilla.redhat.com/show_bug.cgi?id=2058172
* https://bugzilla.redhat.com/show_bug.cgi?id=2058529
* https://bugzilla.redhat.com/show_bug.cgi?id=2061335
* https://bugzilla.redhat.com/show_bug.cgi?id=2062266
* https://bugzilla.redhat.com/show_bug.cgi?id=2062862
* https://bugzilla.redhat.com/show_bug.cgi?id=2074675
* https://bugzilla.redhat.com/show_bug.cgi?id=2076593
* https://bugzilla.redhat.com/show_bug.cgi?id=2076599
* https://bugzilla.redhat.com/show_bug.cgi?id=2078459
* https://bugzilla.redhat.com/show_bug.cgi?id=2079252
* https://bugzilla.redhat.com/show_bug.cgi?id=2082221
* https://bugzilla.redhat.com/show_bug.cgi?id=2082225
* https://bugzilla.redhat.com/show_bug.cgi?id=2088022
* https://bugzilla.redhat.com/show_bug.cgi?id=2088026
* https://bugzilla.redhat.com/show_bug.cgi?id=2089126
* https://bugzilla.redhat.com/show_bug.cgi?id=2089411
* https://bugzilla.redhat.com/show_bug.cgi?id=2089859
* https://bugzilla.redhat.com/show_bug.cgi?id=2090317
* https://bugzilla.redhat.com/show_bug.cgi?id=2096939
* https://bugzilla.redhat.com/show_bug.cgi?id=2100486
* Canonical URL: https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_5483.json
Product
8Base-RHMTC-1.7 (Red Hat Migration Toolkit, cpe:/a:redhat:rhmt:1.7::el8), shipped as amd64 container images under registry.redhat.io/rhmtc/.
Vulnerabilities
CVE-2021-3807
CWE-400: Uncontrolled Resource Consumption
Discovery date: 2021-09-17T00:00:00+00:00
Red Hat Bugzilla ID: 2007557
Vulnerability summary
nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
Vulnerability description
A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.
Statement
This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.
In Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.
OpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as 'will not fix'.
Advanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface.
[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html
CVSS score applicability
The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.
Product status
Fixed: rhmtc/openshift-migration-ui-rhel8
Flagged vulnerable_code_not_present: rhmtc/openshift-migration-controller-rhel8, rhmtc/openshift-migration-legacy-rhel8-operator, rhmtc/openshift-migration-log-reader-rhel8, rhmtc/openshift-migration-must-gather-rhel8, rhmtc/openshift-migration-openvpn-rhel8, rhmtc/openshift-migration-operator-bundle, rhmtc/openshift-migration-registry-rhel8, rhmtc/openshift-migration-rhel8-operator, rhmtc/openshift-migration-rsync-transfer-rhel8, rhmtc/openshift-migration-velero-plugin-for-aws-rhel8, rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8, rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8, rhmtc/openshift-migration-velero-restic-restore-helper-rhel8, rhmtc/openshift-migration-velero-rhel8, rhmtc/openshift-velero-plugin-rhel8
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3807" }, { "category": "external", "summary": "RHBZ#2007557", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" }, { "category": "external", "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994", "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" } ], "release_date": "2021-09-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-01T09:52:30+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes" }, { "cve": "CVE-2022-0235", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "discovery_date": "2022-01-16T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2044591" } ], "notes": [ { "category": "description", "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. 
This flaw leads to the exposure of sensitive information to an unauthorized actor.", "title": "Vulnerability description" }, { "category": "summary", "text": "node-fetch: exposure of sensitive information to an unauthorized actor", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0235" }, { "category": "external", "summary": "RHBZ#2044591", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235" }, { "category": "external", "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/", "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/" } ], "release_date": "2022-01-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", 
"date": "2022-07-01T09:52:30+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "node-fetch: exposure of sensitive information to an unauthorized actor" }, { "cve": "CVE-2022-0536", "cwe": { "id": "CWE-212", "name": "Improper Removal of Sensitive Information Before Storage or Transfer" }, "discovery_date": "2022-02-10T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2053259" } ], "notes": [ { "category": "description", "text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. 
This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ], "known_not_affected": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64", 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64", "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-0536" }, { "category": "external", "summary": "RHBZ#2053259", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536" } ], "release_date": "2022-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-07-01T09:52:30+00:00", "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html", "product_ids": [ 
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:5483" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.