rhsa-2022_6024
Vulnerability from csaf_redhat
Published
2022-08-09 20:31
Modified
2024-11-22 18:12
Summary
Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update

Notes

Topic
A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

This new container image is based on Red Hat Ceph Storage 5.2 and Red Hat Enterprise Linux 8.6 and Red Hat Enterprise Linux 9.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous enhancements and bug fixes.

Security Fix(es):

* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)
* grafana: directory traversal vulnerability (CVE-2021-43813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new container image for Red Hat Ceph Storage 5.2 is now available in the Red Hat Ecosystem Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform\nthat combines the most stable version of the Ceph storage system with a\nCeph management platform, deployment utilities, and support services.\n\nThis new container image is based on Red Hat Ceph Storage 5.2 and Red Hat\nEnterprise Linux 8.6 and Red Hat Enterprise Linux 9.\n\nSpace precludes documenting all of these changes in this advisory. Users\nare directed to the Red Hat Ceph Storage Release Notes for information on\nthe most significant of these changes:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.2/html-single/release_notes/index\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from\nthe Red Hat Ecosystem catalog, which provides numerous enhancements and bug\nfixes.\n\nSecurity Fix(es):\n\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6024",
        "url": "https://access.redhat.com/errata/RHSA-2022:6024"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2031228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
      },
      {
        "category": "external",
        "summary": "2044628",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
      },
      {
        "category": "external",
        "summary": "2115198",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2115198"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6024.json"
      }
    ],
    "title": "Red Hat Security Advisory: New container image for Red Hat Ceph Storage 5.2 Security update",
    "tracking": {
      "current_release_date": "2024-11-22T18:12:21+00:00",
      "generator": {
        "date": "2024-11-22T18:12:21+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:6024",
      "initial_release_date": "2022-08-09T20:31:48+00:00",
      "revision_history": [
        {
          "date": "2022-08-09T20:31:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-08-09T20:31:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T18:12:21+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 5.2 Tools",
                "product": {
                  "name": "Red Hat Ceph Storage 5.2 Tools",
                  "product_id": "8Base-RHCEPH-5.2-Tools",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:5.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
                  "product_id": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
                  "product_id": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
                "product": {
                  "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
                  "product_id": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-dashboard-rhel8\u0026tag=5-56"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
                "product": {
                  "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
                  "product_id": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel8\u0026tag=2.1.5-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
                "product": {
                  "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
                  "product_id": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-5-rhel8\u0026tag=5-268"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
                "product": {
                  "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
                  "product_id": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel8\u0026tag=2.2.19-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
                "product": {
                  "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
                  "product_id": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel8\u0026tag=1.2.1-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64"
        },
        "product_reference": "rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
        },
        "product_reference": "rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le"
        },
        "product_reference": "rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64"
        },
        "product_reference": "rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64 as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le as a component of Red Hat Ceph Storage 5.2 Tools",
          "product_id": "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
        },
        "product_reference": "rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le",
        "relates_to_product_reference": "8Base-RHCEPH-5.2-Tools"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-43813",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2021-12-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2031228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension .md to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Users should upgrade to patched versions 8.3.2 or 7.5.12. For users who cannot upgrade, running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. Alternatively, for fully lowercase or fully uppercase .md files, users can block /api/plugins/.*/markdown/.* without losing any functionality beyond inlined plugin help text.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: directory traversal vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
        ],
        "known_not_affected": [
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-43813"
        },
        {
          "category": "external",
          "summary": "RHBZ#2031228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-43813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43813"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/",
          "url": "https://grafana.com/blog/2021/12/10/grafana-8.3.2-and-7.5.12-released-with-moderate-severity-security-fix/"
        }
      ],
      "release_date": "2021-12-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-09T20:31:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6024"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "grafana: directory traversal vulnerability"
    },
    {
      "cve": "CVE-2022-21673",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2022-01-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2044628"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An information-disclosure flaw was found in grafana. When a data source has the Forward OAuth Identity feature enabled, sending a query to that data source with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This flaw allows API token holders to retrieve data to which they may not be authorized.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "grafana: Forward OAuth Identity Token can allow users to access some data sources",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
        ],
        "known_not_affected": [
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:046f7d4bb244256dfaedd006af00575d63ade28b884ed8f96087c954453248c2_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:0cba817cebbdf4ac325b722d515f5335c35a4c89ddc069ad1e00b2df91314dfc_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/keepalived-rhel8@sha256:fa226b35008b7a420e48166c6f53d13331e703ef184d993fd9d7bad601ae1083_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:03c87d18494d1d1796c8729871c001057d0fa19826a672d1bc34da6609e551ba_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:5eba7b2a711ae6b43822d11db41c823de251a2a148903ba430d12fe4870ef2f1_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-rhel8@sha256:b1e3292d0ba697e36bfd03979900ab28edcfb3e005335cc4d909fe8de863b158_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:1a6c034927989b231f4e358a358163c75a35a36b162756a0f5bc47c787d72074_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:2a6c28d7ae35fa7aa98c31da08248997c92959e006ce8aea174bcaea299a1eec_ppc64le",
          "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-haproxy-rhel8@sha256:dc65885f716a652fdabe6c43e5522eb81670178f323f944ee3a17b07ce48ecb7_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:75512f53c3938baaf69104244c5016d559ad5b709bc5d67f147c6e09963a6894_s390x",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:b4e3f7682ace25f2446361df2631b02f28d9cd5c9172d8e904d05823e62c8c07_amd64",
          "8Base-RHCEPH-5.2-Tools:rhceph/snmp-notifier-rhel8@sha256:c33fb85b7fd24a9da09ec439a0fd9a76f4a25faf7a17adeae81ec62b086a84ad_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21673"
        },
        {
          "category": "external",
          "summary": "RHBZ#2044628",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044628"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21673"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21673"
        },
        {
          "category": "external",
          "summary": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/",
          "url": "https://grafana.com/blog/2022/01/18/grafana-8.3.4-and-7.5.13-released-with-important-security-fix/"
        }
      ],
      "release_date": "2022-01-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-08-09T20:31:48+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
          "product_ids": [
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6024"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:78c523070ed4275b7efe6bd10eef95cb3ef97bfd97e2bba42f92e42953e90371_amd64",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:9d59cc5917110dee7d46e08c81b4440c7e3c4a3d841344ac508dd6dc45bd5572_ppc64le",
            "8Base-RHCEPH-5.2-Tools:rhceph/rhceph-5-dashboard-rhel8@sha256:d69e364a14d01dff8f0876856e3efe8a3e6496aa69a22131d877628c633a4dd7_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "grafana: Forward OAuth Identity Token can allow users to access some data sources"
    }
  ]
}

